Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 40

Andreas Steffen, 15.03.2015 14:44

1 1 Andreas Steffen
h1. Bimodal Lattice Signature Scheme (BLISS)
2 1 Andreas Steffen
3 16 Andreas Steffen
{{>toc}}
4 16 Andreas Steffen
5 38 Andreas Steffen
BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool. With strongSwan [[5.3.0]] we are upgrading to the improved BLISS-B signature algorithm described in "Accelerating Bliss: the Geometry of Ternary Polynomials":https://eprint.iacr.org/2014/874.pdf by Léo Ducas. This HOWTO is based on the new BLISS-B default scheme. It is possible though to revert to the old BLISS behaviour by setting
6 38 Andreas Steffen
<pre>
7 38 Andreas Steffen
libstrongswan {
8 38 Andreas Steffen
  plugins {
9 38 Andreas Steffen
    bliss {
10 38 Andreas Steffen
      use_bliss_b = no
11 38 Andreas Steffen
    }
12 38 Andreas Steffen
  }
13 38 Andreas Steffen
}
14 38 Andreas Steffen
</pre>
15 40 Andreas Steffen
in strongswan.conf, although we don't see any advantage whatever for doing this.
16 1 Andreas Steffen
17 17 Andreas Steffen
This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
18 7 Andreas Steffen
19 18 Andreas Steffen
h2. Building strongSwan with BLISS Support
20 18 Andreas Steffen
21 18 Andreas Steffen
If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
22 18 Andreas Steffen
<pre>
23 37 Andreas Steffen
wget http://download.strongswan.org/strongswan-5.2.2.tar.bz2
24 37 Andreas Steffen
tar xjf strongswan-5.2.2.tar.bz2
25 37 Andreas Steffen
cd strongswan-5.2.2
26 18 Andreas Steffen
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
27 18 Andreas Steffen
make
28 18 Andreas Steffen
sudo make install
29 18 Andreas Steffen
</pre>
30 18 Andreas Steffen
31 1 Andreas Steffen
h2. BLISS Private Key Generation
32 1 Andreas Steffen
33 1 Andreas Steffen
strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows:
34 1 Andreas Steffen
<pre>
35 13 Andreas Steffen
pki --gen --type bliss --size 1 --debug 2 > cakey1.der
36 1 Andreas Steffen
37 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
38 1 Andreas Steffen
mgf1 generated 240 octets
39 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
40 1 Andreas Steffen
mgf1 generated 240 octets
41 1 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)
42 1 Andreas Steffen
43 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
44 1 Andreas Steffen
mgf1 generated 220 octets
45 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
46 1 Andreas Steffen
mgf1 generated 240 octets
47 1 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)
48 1 Andreas Steffen
49 1 Andreas Steffen
secret key generation succeeded after 2 trials
50 1 Andreas Steffen
</pre>
51 9 Andreas Steffen
When generating the private key consisting of the two polynomials *s1* and *s2*, the limit for the _Nk(S)_ metric must not be exceeded. This means that often several trials are needed in order to obtain a valid BLISS private key. With the command
52 1 Andreas Steffen
<pre>
53 13 Andreas Steffen
pki --print --type bliss-priv --in cakey1.der
54 1 Andreas Steffen
55 1 Andreas Steffen
private key with:
56 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
57 1 Andreas Steffen
keyid:     d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
58 1 Andreas Steffen
subjkey:   e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
59 1 Andreas Steffen
</pre>
60 1 Andreas Steffen
information on the BLISS private key is displayed.
61 2 Andreas Steffen
62 1 Andreas Steffen
Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format
63 2 Andreas Steffen
<pre>
64 13 Andreas Steffen
pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
65 3 Andreas Steffen
secret key generation succeeded after 6 trials
66 1 Andreas Steffen
</pre>
67 1 Andreas Steffen
The PEM key format is printable
68 2 Andreas Steffen
<pre>
69 21 Andreas Steffen
cat cakey4.pem
70 3 Andreas Steffen
71 1 Andreas Steffen
-----BEGIN BLISS PRIVATE KEY-----
72 3 Andreas Steffen
MIIFGgYLKwYBBAGCoCoFAgQDggOBAEOoiWS7mISnnPjzFJu6REHq1REYuLfillD2
73 3 Andreas Steffen
VmmCWuB1NcL6GLTRFzwCMCw8KBLpyZhEAs6QlelSWVxPuBGMuQzQsmm9A3NjrV4U
74 3 Andreas Steffen
655KXTkuiTpZP00qsfKuqh6EofkQ+89YK6qZNnxAeJ/mB9Dlkq9ELPjigNlZfUkd
75 3 Andreas Steffen
Ky2fBJkwdKLb75WermM3tOYts0X06j7M3WX8DdVsGgIrzC57shAiD9nyhrUNHB15
76 3 Andreas Steffen
b9IymR84GW4BJofKVW2GJVeUyLnh8YP33OUx6F5aEqweSbi5dGtbDbr0WmK6LmNw
77 3 Andreas Steffen
dKQyv+hickbXGTWifAEktjpTApYjBBB6TZgiAW2P4T3dMq2ciQUbhCl1xWUlWF+2
78 3 Andreas Steffen
iZbfFrcMb4dVrWOYbQRfvURmCkvJWsXHiijK8E+pmCDCruQg7TuRlIdXCRhSZrzY
79 3 Andreas Steffen
+pLcY7mKBfyCvrmYmmCMRQQXeTDnGI/9VhHJ6icK6Mqy2BwRVFj9FmSsAHmF9gkL
80 3 Andreas Steffen
hcaPlsgpLqaoK41FcJHjMbJIjWKaHkFXMQ0K943cM0ivB3EqRG68AptqH1QxkIi6
81 3 Andreas Steffen
haUuQL6Nsl/tXo4VwyiVpm1faRQW5Re9L6KbEhLgnT3JeAft0zOOlHwx5myBDAxa
82 3 Andreas Steffen
s8LP9H/EyzpO4uyd1eHlqZvGEmlt9lhOikLwEohWDoZIpWFKrtfzciQMOugLq4m4
83 3 Andreas Steffen
n+ueVo25rvq6MRwncj0FCwlt0nAhWeP8hQYTzhgFsBeheM4OaWVRhRPQmqYFrLRZ
84 3 Andreas Steffen
grvkgGIQd2IDKhjqCI7gpOi/KRG5RbnyvO4zaqLNy16Lk4exZ2iin19YQpmU613j
85 3 Andreas Steffen
EVLsMoRTQl2tE+aB0GJ0BpE3u0Aqnrp6ZhCJmK8CybfYAGhV5sly59Cds7QtIw8r
86 3 Andreas Steffen
6pXl7Wd0q2sMFsUnqadcCwqoeOciqU+AwvQ+X2g4eilxV6D2TkLMMBUOYi5BqNdj
87 3 Andreas Steffen
a7pJAnUUMyEYvDXhMUYnjGlK3RFKHFCzCalQN0s5JLRTpLnTTy70TtvMaDJAWCwG
88 3 Andreas Steffen
OShSbNqr0zGNfnCsFjuppZ+5tQd7GRCgjL2uG0CDTIKEq5vmaH1d3FOldJX2uYYA
89 3 Andreas Steffen
O6QOKIThuiH3C0OgAQoLGoArsmFymtBXHxPZSjtE5SR+1YVCr4UEdGlSt2efJoxm
90 3 Andreas Steffen
eBaYki03CF2pSm7EDHxbEjDC9E3AeOfUW6Iq4dTGThjGNGnnBIbpv0mSdXFzWcZU
91 3 Andreas Steffen
3rwQo51EA4HBAACSCPjwAOUCAOCCCOP/gCDzxzweEOByCAACeEP1wF+DxhwBiQTw
92 3 Andreas Steffen
AP/0AAQFx/z+SACPgR+ASePwOAOgAAQBwDiAV0OOCADwB0eOgAeAOORwMAPzwOQS
93 3 Andreas Steffen
CBuMAQOB+Px/x+AuCeRweeADzwACPyCP+RyQhgBzwOCBwSBwOB+SeQAQCOBwACAB
94 3 Andreas Steffen
0eByABwQBwQAAeCBwgAAB/wACDwNyPgeQOPwAAR+OAR+AB+COAQCBx+QeB+R+B+Q
95 3 Andreas Steffen
CADjxwACPiARvwOBwQDjggcY7EEgAEHjcYAcogEHgccDjgcDg8fgAnjgAgfkgEgc
96 3 Andreas Steffen
DnjgAEbAn8ArnAhAAcAkAEgADkgAD8DgkDgkcDnkcE88jkjkgjgD9ccAg8cc8jjr
97 3 Andreas Steffen
kcgkABED8gAD8H/n8gAAj8AgEHj8D8D89Dfg4DAgEEAAgAj8HgkgAj8HgcHodAEk
98 3 Andreas Steffen
cn8DAL8AD/g//gcDkAEH/AAD/gcDnj8AkD8AcDgErkHjAAcA9AAAAcAcEEEgAAAg
99 3 Andreas Steffen
AYLoAgAEHgkDgYccgbk=
100 1 Andreas Steffen
-----END BLISS PRIVATE KEY-----
101 1 Andreas Steffen
</pre>
102 3 Andreas Steffen
At last let's generate a BLISS-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
103 3 Andreas Steffen
<pre>
104 13 Andreas Steffen
pki --gen --type bliss --size 3 --debug 4 > cakey3.der
105 3 Andreas Steffen
106 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
107 3 Andreas Steffen
mgf1 generated 380 octets
108 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
109 3 Andreas Steffen
mgf1 generated 380 octets
110 3 Andreas Steffen
l2 norm of s1||s2: 1401, Nk(S): 125552 (128626 max)
111 3 Andreas Steffen
112 3 Andreas Steffen
secret key generation succeeded after 1 trial
113 3 Andreas Steffen
   i   f   g     a     F     G     A
114 3 Andreas Steffen
   0  -1   1 11932  6730 11344  6400
115 3 Andreas Steffen
   1   1   0  2227  1206  9396  6244
116 3 Andreas Steffen
   2  -1   2  4844   496   414  4411
117 3 Andreas Steffen
   3  -1   0  2768  2813  1412  6619
118 3 Andreas Steffen
   4   0   2  3583  2753  3520  9237
119 3 Andreas Steffen
   5   0   2 10160  2434  9512  8688
120 3 Andreas Steffen
   6   0   2  8157  9071 10775  8990
121 3 Andreas Steffen
   7   0   0  3862  5091   211  3126
122 3 Andreas Steffen
   8  -1   0  3045  2278  5799  8812
123 3 Andreas Steffen
   9   1   0  9942  5685  3335   541
124 3 Andreas Steffen
  10   0   0  8236  1637   526  5000
125 3 Andreas Steffen
  11   0   0  8638     9  9539 10618
126 3 Andreas Steffen
  12   0  -2 11526 11882  8890  8976
127 3 Andreas Steffen
  13  -1   0 12180 11895  3538  5231
128 3 Andreas Steffen
  14  -2   0  6332  4243 11062   243
129 3 Andreas Steffen
  15   0   0  4083  4302  3400  4000
130 3 Andreas Steffen
  16   0   2  4545  6031  2766  1708
131 3 Andreas Steffen
  17   0   0  1495  4119  8792 11954
132 3 Andreas Steffen
  18   1  -2  5664  9450  5151  6621
133 3 Andreas Steffen
  19   0   0  3580  1963 11193  1552
134 3 Andreas Steffen
  20  -1  -2  7090  5950 10318  8445
135 3 Andreas Steffen
  21   0   0  5180  8190  7147 11145
136 3 Andreas Steffen
  22   0  -2  8455 12226    27 10533
137 3 Andreas Steffen
  23   0   0   810  4585  6578  3333
138 3 Andreas Steffen
  24   1   0  5316  9595  2034  7088
139 3 Andreas Steffen
  25   0   0 10072 11746 10425  9554
140 3 Andreas Steffen
  26  -1   0  4544  5888  7751  8402
141 3 Andreas Steffen
  27   0   0  9529 10638  5983  9509
142 3 Andreas Steffen
  28   0   0  6832  8019  5519  1124
143 3 Andreas Steffen
  29   1  -2  8900  2356  4475  4326
144 3 Andreas Steffen
  30   0  -2  4438  7452  2418   406
145 3 Andreas Steffen
  31  -1  -2   363  9949  6078  3369
146 3 Andreas Steffen
  32   0   0  6032  9713 11653 12232
147 3 Andreas Steffen
  33   0   0  1342 11748 11094  4727
148 3 Andreas Steffen
  34  -1  -2   780  9506  2687  5713
149 3 Andreas Steffen
  35   1   0  1114 11518  5003  1173
150 3 Andreas Steffen
  36   1   0 11561  8458  9766  5255
151 3 Andreas Steffen
  37   0   0   932  4680  7848 10211
152 3 Andreas Steffen
  38   0   0  4748  4235  6832  9975
153 3 Andreas Steffen
  39   1   2  6338  9116  1371  9287
154 3 Andreas Steffen
  40   0   0  9216 11714 11657  4532
155 3 Andreas Steffen
  41   1  -2  1100  6203  6951  9887
156 3 Andreas Steffen
  42   1   0 11955  9307   124 11984
157 3 Andreas Steffen
  43   0   0  6550  6220  9948 11200
158 3 Andreas Steffen
  44   1   0 10183  7920  2231  2050
159 3 Andreas Steffen
  45   0   0  5858 10736 11843  4851
160 3 Andreas Steffen
  46   1   0  4402  6459  5976  5509
161 3 Andreas Steffen
  47   1   2  3354  2643  9397 11716
162 3 Andreas Steffen
  48   1  -2  9937  3908  1174 11478
163 3 Andreas Steffen
  49   2   0 11688  9298 10680  1833
164 3 Andreas Steffen
  50  -1   2  5348  4731 12240  5286
165 3 Andreas Steffen
  51   0   0  4594  1469 10189  5043
166 3 Andreas Steffen
  52   0   2  6324  1006  6445  3268
167 3 Andreas Steffen
  53   0  -4  2137  2707  4158   569
168 3 Andreas Steffen
  54  -1  -2   340  2232  4643  9852
169 3 Andreas Steffen
  55  -1   0  1784  8290  9620  3129
170 3 Andreas Steffen
  56   1   0  7203  5610 11341   749
171 3 Andreas Steffen
  57   0   0  6651 12057 10851  5621
172 3 Andreas Steffen
  58  -1   0   383  5516  9861  2272
173 3 Andreas Steffen
  59   2   0 10893  8086  1452   140
174 3 Andreas Steffen
  60   0   0  7921 10970  6955  9293
175 3 Andreas Steffen
  61   1  -2  4243 10170  5305  9178
176 3 Andreas Steffen
  62  -1   2  3565  2730  3858 11021
177 3 Andreas Steffen
  63   0   0  5697  1308  7157  8076
178 3 Andreas Steffen
  64   0  -2  4079  5666  9079  5400
179 3 Andreas Steffen
  65   1   0  3653  2895  1244 11606
180 3 Andreas Steffen
  66   0   2  9829  6670  4713  3470
181 3 Andreas Steffen
  67   1  -2 11728  5737  6142  2111
182 3 Andreas Steffen
  68   1  -2  7403 10194  2903  2562
183 3 Andreas Steffen
  69  -2   0   770  9857   301  4108
184 3 Andreas Steffen
  70   0  -2  6771  2653 10239  2130
185 3 Andreas Steffen
  71   0   0  7855  4463  7362  9248
186 3 Andreas Steffen
  72  -1   0 10880  6688  3127   311
187 3 Andreas Steffen
  73  -1   2  4691  8128   533  8290
188 3 Andreas Steffen
  74  -1  -2  4037  3558   115 10006
189 3 Andreas Steffen
  75   0   0  2284   389  6473  3776
190 3 Andreas Steffen
  76   0   0  5390  9091  1720  7047
191 3 Andreas Steffen
  77   0   2  4988  1314 11101  4376
192 3 Andreas Steffen
  78   1   0  5858  6929  7217  3009
193 3 Andreas Steffen
  79   0   0  8276  9115  9758  8600
194 3 Andreas Steffen
  80   0   0  1719  3490  6518  2847
195 3 Andreas Steffen
  81   0   0  3145    16  2434 10905
196 3 Andreas Steffen
  82   1   0 12177  5643  1293  9983
197 3 Andreas Steffen
  83   0   2  8860  7027  7247  4144
198 3 Andreas Steffen
  84   0  -2  8029 11886  5161  8312
199 3 Andreas Steffen
  85   0   0  6660  8970  4777  9518
200 3 Andreas Steffen
  86   0   2  8940  2217  8996  6495
201 3 Andreas Steffen
  87   0   0  4623  2243 11869 10300
202 3 Andreas Steffen
  88   0   4 11841  4074  6347  3751
203 3 Andreas Steffen
  89  -1   0  2220 12271  2346  3966
204 3 Andreas Steffen
  90   0   2 11997   617  8162  8020
205 3 Andreas Steffen
  91   0  -2  4335    73 10232  9399
206 3 Andreas Steffen
  92   1   2  8016 10780 11912 11369
207 3 Andreas Steffen
  93   0  -2  4302  7923   717  7152
208 3 Andreas Steffen
  94   0  -2  8014  1252  8311 11638
209 3 Andreas Steffen
  95   1   0 11580   975  1679  2699
210 3 Andreas Steffen
  96   1   2  6246  3336   161  6745
211 3 Andreas Steffen
  97  -1  -4  5081  9817 11892  6259
212 3 Andreas Steffen
  98   0   0  4544 10997 12278  4499
213 3 Andreas Steffen
  99   0   2  1616  9495 12225 10213
214 3 Andreas Steffen
 100  -1  -2  8533  8912  6448  9929
215 3 Andreas Steffen
 101   0   2  8850  8093 11649  9665
216 3 Andreas Steffen
 102   1  -4  9776  4225  8805  9906
217 3 Andreas Steffen
 103  -1   0 12203  5021 12232 10353
218 3 Andreas Steffen
 104   1   2  1285 10557  8597  2897
219 3 Andreas Steffen
 105   1   0  5553 11162  5268 10387
220 3 Andreas Steffen
 106  -1  -2  6413 10365 11905  6694
221 3 Andreas Steffen
 107   0  -2  1915  8797  5109 10630
222 3 Andreas Steffen
 108   1   2  5668  7809 10108   689
223 3 Andreas Steffen
 109   0  -2  5724  6433  9119  9062
224 3 Andreas Steffen
 110   1   0  3193  2998 10987  4238
225 3 Andreas Steffen
 111   0   2  3218  6756 10221 11532
226 3 Andreas Steffen
 112   0   0 11475  1061  3999  2494
227 3 Andreas Steffen
 113   0   0  1751 10398  9032 10926
228 3 Andreas Steffen
 114   0   0  5049  4368  3557  9980
229 3 Andreas Steffen
 115   0   0  6973 10707 10291  4631
230 3 Andreas Steffen
 116   0   0   826  2759  8952 11976
231 3 Andreas Steffen
 117  -2   0 11077  1210  8027  7898
232 3 Andreas Steffen
 118   0   0  3361  8733  5169   237
233 3 Andreas Steffen
 119   0   0  9447 10875 12077 11281
234 3 Andreas Steffen
 120   0   0  7154   928   564 11601
235 3 Andreas Steffen
 121  -1  -2  5099  1695  5523 11879
236 3 Andreas Steffen
 122   0  -2  5533  6614  4882  7444
237 3 Andreas Steffen
 123   0   2  2416  2221 11163  3679
238 3 Andreas Steffen
 124   0  -2   683  8407  7179 11214
239 3 Andreas Steffen
 125  -1   0  1698  4946  8846  5627
240 3 Andreas Steffen
 126   0   2 11993  1197  5067  2037
241 3 Andreas Steffen
 127  -1   2 11131 10689  4543  8346
242 3 Andreas Steffen
 128   1   0 11684 12052  5700  5576
243 3 Andreas Steffen
 129   0   0 11081  7285  5758  2882
244 3 Andreas Steffen
 130   0   0  2204 10550 10764 10396
245 3 Andreas Steffen
 131   0   0  5413  6834   237  9705
246 3 Andreas Steffen
 132   0   0  3139  9589  3580  1000
247 3 Andreas Steffen
 133   1   0  2435 10845 11335  4375
248 3 Andreas Steffen
 134   0   0  5835  9461  5820  8967
249 3 Andreas Steffen
 135   1   2  1986  7566  6638  7219
250 3 Andreas Steffen
 136   1   2 12005   279  4775   854
251 3 Andreas Steffen
 137   0  -2 11470  3603  1399  4755
252 3 Andreas Steffen
 138   0   4  3665 10794  4373 10453
253 3 Andreas Steffen
 139   0   0  6909  8265 11931 11831
254 3 Andreas Steffen
 140   1   2  9201  4238  3547  9596
255 3 Andreas Steffen
 141   1  -2  7577 11197  9585  4684
256 3 Andreas Steffen
 142   0   0  8947  1967  2051  7873
257 3 Andreas Steffen
 143   0  -2  9195  2467  6347  7903
258 3 Andreas Steffen
 144   1   2 11017  8525 11401 10043
259 3 Andreas Steffen
 145  -1   0  1786  7054  2174  5272
260 3 Andreas Steffen
 146   0   0  2541 11091 10944 11808
261 3 Andreas Steffen
 147   0   0  1685 12142  9116 11391
262 3 Andreas Steffen
 148   0  -2  9324 10699 11938  1090
263 3 Andreas Steffen
 149   1  -2  6706  2541  7886  7480
264 3 Andreas Steffen
 150   1   0 10550  1341  3839  5373
265 3 Andreas Steffen
 151  -1  -2  4665  7629  5217  2934
266 3 Andreas Steffen
 152   0   2  1311  6833  4048 11099
267 3 Andreas Steffen
 153   1   0 11994  1783 10226  2549
268 3 Andreas Steffen
 154   1   0  9953  5962 11300 10712
269 3 Andreas Steffen
 155   0  -2  2781 11449   395 11045
270 3 Andreas Steffen
 156  -1   4  6768  7744  9122  6955
271 3 Andreas Steffen
 157   0  -2  1288 10720  7913  9198
272 3 Andreas Steffen
 158   0   2  3735  3959  3762  4924
273 3 Andreas Steffen
 159   1   2  2817  4147  6807  6198
274 3 Andreas Steffen
 160   0   0  2935 11500 11190  4051
275 3 Andreas Steffen
 161   0   2  1193  7795 11414  3350
276 3 Andreas Steffen
 162  -1  -2   757  3411  9464  4481
277 3 Andreas Steffen
 163   0  -2  3830  7004 11979   593
278 3 Andreas Steffen
 164   0   0 11945    57  6438  9168
279 3 Andreas Steffen
 165  -2   2  1844   173  7130  9844
280 3 Andreas Steffen
 166   1   0  1055  4376   673   559
281 3 Andreas Steffen
 167   1   0   665  1744 11877  9442
282 3 Andreas Steffen
 168  -1   0   190  3421  9077  5294
283 3 Andreas Steffen
 169  -1   0  5948  4923 10003  9323
284 3 Andreas Steffen
 170   0  -2    66  3154  7238 10273
285 3 Andreas Steffen
 171   1   0  3608  7307  8272 11128
286 3 Andreas Steffen
 172   0  -2 11068 10669  7822 12269
287 3 Andreas Steffen
 173  -1  -2  2289  5725  7793 11084
288 3 Andreas Steffen
 174   0  -2  2045  9528  5770  5250
289 3 Andreas Steffen
 175   0  -2  5369  1937  9741  7669
290 3 Andreas Steffen
 176   0   0  5495   973    32  8740
291 3 Andreas Steffen
 177   1  -2   187  6219 10487 11605
292 3 Andreas Steffen
 178   0   0  6664  3891  6930  9183
293 3 Andreas Steffen
 179   0  -2  8951  3731  4350 10057
294 3 Andreas Steffen
 180   0  -2  2119  8064  2295    14
295 3 Andreas Steffen
 181   0   0  5587  7068 12132   419
296 3 Andreas Steffen
 182   1   0  5551  9660  4283  5818
297 3 Andreas Steffen
 183   1  -2    58   319  9240  1724
298 3 Andreas Steffen
 184   0   2  9694  6238  4742 12274
299 3 Andreas Steffen
 185   2   2  1752 10949  7406  7643
300 3 Andreas Steffen
 186   0   2  4551  4296  5533  7516
301 3 Andreas Steffen
 187   0   0  5809  2080  4616  3169
302 3 Andreas Steffen
 188   0  -2  4805  9682  4940 10345
303 3 Andreas Steffen
 189   0   4  5232 10223  8937  9376
304 3 Andreas Steffen
 190   0  -2  4985  6043  7853   528
305 3 Andreas Steffen
 191   1   0 11937  4497  1366  6015
306 3 Andreas Steffen
 192   1   0  7724  7554 12130  1918
307 3 Andreas Steffen
 193   0  -2  2011  4752  4070  3130
308 3 Andreas Steffen
 194   0   0  8272  1015  1803  3973
309 3 Andreas Steffen
 195  -1   0  7832  7988  9436  5558
310 3 Andreas Steffen
 196   0  -4  8854 10413 11890  8575
311 3 Andreas Steffen
 197   0   0  2277  3600   263 11719
312 3 Andreas Steffen
 198  -1   2  2986  1000  9583 11721
313 3 Andreas Steffen
 199   0   2  2907  8991 11579 11775
314 3 Andreas Steffen
 200   0   2  7872  2207  9525  1285
315 3 Andreas Steffen
 201   1   0  7562  9107  2777  2830
316 3 Andreas Steffen
 202  -2  -2 10678 10608  9041 10880
317 3 Andreas Steffen
 203   0   0   656 11804  3455  2400
318 3 Andreas Steffen
 204  -1  -2  4799  3910  3626  6180
319 3 Andreas Steffen
 205  -1   0  1998  5423  2614  5813
320 3 Andreas Steffen
 206   0   0  2327 11665  8051  2567
321 3 Andreas Steffen
 207   0   0   282  6807  4478  1129
322 3 Andreas Steffen
 208   0  -2  7967  3811 12284  6446
323 3 Andreas Steffen
 209  -1   0  3169 11501 11972 11650
324 3 Andreas Steffen
 210  -1   0  2614  4186  5549 10021
325 3 Andreas Steffen
 211   1  -2 11856 11417 10104  6753
326 3 Andreas Steffen
 212   1   0  3692  2680  3800 12107
327 3 Andreas Steffen
 213   0   2  4639  5506 11526  6189
328 3 Andreas Steffen
 214   0   0  6373  9147  2814  9738
329 3 Andreas Steffen
 215   0   0  1942  1124  9011  3124
330 3 Andreas Steffen
 216   0   2  5163   558 11376  4381
331 3 Andreas Steffen
 217   0   0 11687  9612  8623    84
332 3 Andreas Steffen
 218   0   0  8537  3843 11615    35
333 3 Andreas Steffen
 219   1   0 11885  4846  3711  6409
334 3 Andreas Steffen
 220   0   2  9728  8703  2262  5270
335 3 Andreas Steffen
 221  -1  -2  4928   745  4084  3453
336 3 Andreas Steffen
 222   0   2  2383  5711  4946 10846
337 3 Andreas Steffen
 223   0  -2  2480  3190 11514  2446
338 3 Andreas Steffen
 224   0   2  8786  4156 10444   381
339 3 Andreas Steffen
 225   0   0  7294  3059   859  5500
340 3 Andreas Steffen
 226   0  -2  2793  4752  4311 11196
341 3 Andreas Steffen
 227  -1   2  9428  8892  6184  2715
342 3 Andreas Steffen
 228   1   0  3240  6263  8476  7279
343 3 Andreas Steffen
 229   0   0  2533   993  6898  5972
344 3 Andreas Steffen
 230  -1   2  6513  1130   623  3622
345 3 Andreas Steffen
 231  -1   0  2175   455  8066   855
346 3 Andreas Steffen
 232   1  -2  8930 11192 11277  6039
347 3 Andreas Steffen
 233  -1   0 10052  9546  1723  3691
348 3 Andreas Steffen
 234   0   0 12282 10488  5953 11501
349 3 Andreas Steffen
 235   1   0   966  2764  1478  7550
350 3 Andreas Steffen
 236   0   4  2689  4295   136  7671
351 3 Andreas Steffen
 237   0   0  2735 10452  7686  5468
352 3 Andreas Steffen
 238  -1   0  7155  3804 11767  4710
353 3 Andreas Steffen
 239   1   2  6875  1049  8317  1238
354 3 Andreas Steffen
 240  -1  -2  5800  4804 10126  7221
355 3 Andreas Steffen
 241   0   2 10256  8623  4292 11309
356 3 Andreas Steffen
 242  -1   0  9012  8378  9611  5688
357 3 Andreas Steffen
 243  -1   2  4014  1882  3226 12134
358 3 Andreas Steffen
 244   0   2 11698  2629  1993  9817
359 3 Andreas Steffen
 245   1  -2  9293  4184  3392 10739
360 3 Andreas Steffen
 246   0   2    93   852  8664 11953
361 3 Andreas Steffen
 247   0   2  6230  8044  8507  6969
362 3 Andreas Steffen
 248  -1   2  6093  7622 10297  8445
363 3 Andreas Steffen
 249  -1   0 10974  7821  3675  3517
364 3 Andreas Steffen
 250  -1  -2  4760 11952  9509 11495
365 3 Andreas Steffen
 251   0  -2  7410  5638  8286  2604
366 3 Andreas Steffen
 252   0   0   313  2955  7834  4178
367 3 Andreas Steffen
 253  -1   0  9733  3273 12249 11493
368 3 Andreas Steffen
 254  -1   0   682  9048  9531  3876
369 3 Andreas Steffen
 255   1  -2  2283   179  4322  9567
370 3 Andreas Steffen
 256   0   0 10470  1633  2290  9062
371 3 Andreas Steffen
 257   0  -2 11005  5584  7880  6991
372 3 Andreas Steffen
 258   1  -2  2732  7686  7623  8563
373 3 Andreas Steffen
 259   0   0  8845  9994  6380  2032
374 3 Andreas Steffen
 260   0  -2  9527   785  4071  4639
375 3 Andreas Steffen
 261   0  -2  7141  5116   474  9863
376 3 Andreas Steffen
 262   0   0  8896  9356  8790  4233
377 3 Andreas Steffen
 263   0  -2  8781  5058 11323  5758
378 3 Andreas Steffen
 264  -1  -2  2106  4848  5472  3773
379 3 Andreas Steffen
 265   0   0 10312  2028  1706  5806
380 3 Andreas Steffen
 266  -1   0 11587 11556 10433  7614
381 3 Andreas Steffen
 267  -1   0  9354  4702  4673 11174
382 3 Andreas Steffen
 268   1   2  4179   310  1572  9202
383 3 Andreas Steffen
 269   0   0   231  7881  4637  8778
384 3 Andreas Steffen
 270   0   0 10643 12282  3262 11823
385 3 Andreas Steffen
 271   0   2  4803   573 11021 12201
386 3 Andreas Steffen
 272  -1   0 11942  2736  1772   881
387 3 Andreas Steffen
 273   1   0 10172  5565  7021  1748
388 3 Andreas Steffen
 274   0   2  8091   902 11967  2343
389 3 Andreas Steffen
 275   1   0  6507  2055  1543  1125
390 3 Andreas Steffen
 276   0   0  8363  4684  8421  7891
391 3 Andreas Steffen
 277   0   2 11435  7507  3108  1495
392 3 Andreas Steffen
 278   1   0  1121  5376  1638  8545
393 3 Andreas Steffen
 279   1   2  6659  7231  2291  9356
394 3 Andreas Steffen
 280   2  -2 11535  5948  8451 10276
395 3 Andreas Steffen
 281   0   2  9996  5929 11267 11752
396 3 Andreas Steffen
 282   0   0  9341 11999 10535  9922
397 3 Andreas Steffen
 283   0   0  1156   407  2491  5743
398 3 Andreas Steffen
 284   1   0 10878  9742 11436  7146
399 3 Andreas Steffen
 285   1   0  4269 10191  6723  1057
400 3 Andreas Steffen
 286   0   0  3150  6385 11151  8222
401 3 Andreas Steffen
 287  -1   2 10602 12270  1942 11540
402 3 Andreas Steffen
 288  -1   0  4149  9389  5193   155
403 3 Andreas Steffen
 289   1   0  2220  1914  7033  2039
404 3 Andreas Steffen
 290   1  -2  5849  9681  7990 10354
405 3 Andreas Steffen
 291   0  -2   578  1167  9422  2925
406 3 Andreas Steffen
 292   0   2  2784  4352  1474  8850
407 3 Andreas Steffen
 293   0   2  2831  7803  7941 10471
408 3 Andreas Steffen
 294   1  -2  1505  5309  1529 10706
409 3 Andreas Steffen
 295  -1  -2 12152  3117  1462  5319
410 3 Andreas Steffen
 296   0   0 12015 10147  2163  3011
411 3 Andreas Steffen
 297   0   2 12204  3215 10166   351
412 3 Andreas Steffen
 298  -1   0  3251  7021  9039  9355
413 3 Andreas Steffen
 299   0   0  5488  2986  1862  5927
414 3 Andreas Steffen
 300   1   0  7988   280  3983 11996
415 3 Andreas Steffen
 301   0  -2 11691   944  6647  7206
416 3 Andreas Steffen
 302   0  -2  5811  8894 11593  4438
417 3 Andreas Steffen
 303   1   2 11242  8285  3494  3099
418 3 Andreas Steffen
 304   0   0  1369  3781 11946  9679
419 3 Andreas Steffen
 305   0   0  4923   855 11924  2443
420 3 Andreas Steffen
 306   0   0 10077  6525  5892 12143
421 3 Andreas Steffen
 307   0   0  5765   923  7601  5041
422 3 Andreas Steffen
 308  -1   0 11585  4403  7020  7236
423 3 Andreas Steffen
 309  -1   0  9508 11281  9550  8744
424 3 Andreas Steffen
 310  -1   2  8015  7011  6196   851
425 3 Andreas Steffen
 311   0   0 10282  6674  7084  1139
426 3 Andreas Steffen
 312  -1   0   366  5463  5297 11037
427 3 Andreas Steffen
 313   0   0  3271  3185  6778 10142
428 3 Andreas Steffen
 314  -1   0  6295  3530  2128  3092
429 3 Andreas Steffen
 315  -1   2  2446  9761  5698  9652
430 3 Andreas Steffen
 316   0   0  6414  6084 11668  2854
431 3 Andreas Steffen
 317   1   0  7954 11099  5621  8453
432 3 Andreas Steffen
 318   1   0  8505  3817  6471  8585
433 3 Andreas Steffen
 319   0  -2 10555   260  7709  1873
434 3 Andreas Steffen
 320   0   0  4679  8577  2591  3492
435 3 Andreas Steffen
 321   1   0  4517 10562  7356 10826
436 3 Andreas Steffen
 322   0   0  5129  7378  6792 11094
437 3 Andreas Steffen
 323   1   0 11014  1117   906  7306
438 3 Andreas Steffen
 324  -1  -2  8930  3044  7558  1690
439 3 Andreas Steffen
 325   0  -2 12034  5641  5602  3833
440 3 Andreas Steffen
 326   1   0  4468  8161 11613  1703
441 3 Andreas Steffen
 327   0   0  9452  5643  6465   759
442 3 Andreas Steffen
 328  -1   0  4250  1062  8885  5366
443 3 Andreas Steffen
 329   0   0  2562 11062 10606 12050
444 3 Andreas Steffen
 330   0   0 11004  5092  1145  9690
445 3 Andreas Steffen
 331   0   0  3971  4167  9338 10914
446 3 Andreas Steffen
 332   0  -2  4640  2905  8263  8180
447 3 Andreas Steffen
 333  -1   2 11466 11858  4479  8686
448 3 Andreas Steffen
 334  -2  -2  2263 10527 11374  8335
449 3 Andreas Steffen
 335  -1   2  8803 10486  6140 10827
450 3 Andreas Steffen
 336   0   0  1608 10434   277  3299
451 3 Andreas Steffen
 337   0   0  8846  4037  5405 10610
452 3 Andreas Steffen
 338   0   2  2025  9028 11374   249
453 3 Andreas Steffen
 339   0   0  7495  5760  9448  3603
454 3 Andreas Steffen
 340   0   2    15 10858 10180    53
455 3 Andreas Steffen
 341   0   0  2216   822  8232 10505
456 3 Andreas Steffen
 342   0   0  4552  6213  8198  2721
457 3 Andreas Steffen
 343  -1   0  8537 12065  4985  6616
458 3 Andreas Steffen
 344   1   0    59  1083  5343  4975
459 3 Andreas Steffen
 345   0   0  6820  2485  7426  8044
460 3 Andreas Steffen
 346   0  -2    79  3592   780  2094
461 3 Andreas Steffen
 347   0   2  6060  2269  1661  5628
462 3 Andreas Steffen
 348  -1   0   483  7927  6962  9842
463 3 Andreas Steffen
 349  -1   0 10399 11975   182  8453
464 3 Andreas Steffen
 350   1   2 10965  8081  9568 12240
465 3 Andreas Steffen
 351  -1   0  6177  9642 10608  1217
466 3 Andreas Steffen
 352   0  -2  3647  7424  6312 11588
467 3 Andreas Steffen
 353   0  -2 10821  5412  7478  9670
468 3 Andreas Steffen
 354   0   2  7993  8400  9262  9133
469 3 Andreas Steffen
 355   0  -2 12183  9287  5467  4145
470 3 Andreas Steffen
 356   1  -2 11881 11278  2062  2271
471 3 Andreas Steffen
 357   0   0 11023 11205  4098  9315
472 3 Andreas Steffen
 358   0   0  2486  1161  4531 11806
473 3 Andreas Steffen
 359   0   2  7820  8932  2128  6164
474 3 Andreas Steffen
 360   0  -2  4830  2661  6650  6782
475 3 Andreas Steffen
 361   0   0  1280  8451  7065  2723
476 3 Andreas Steffen
 362   1  -4  3505  2948  7690 10249
477 3 Andreas Steffen
 363   0   0  1931   604   857 11619
478 3 Andreas Steffen
 364  -1   0  4519  1694  1682  7386
479 3 Andreas Steffen
 365   1   0  7001  5943 10006  9007
480 3 Andreas Steffen
 366   1   0  6867  7829  3179  9453
481 3 Andreas Steffen
 367   0   2  6439  1013  9753   968
482 3 Andreas Steffen
 368   0  -2   471  7027  6703  4401
483 3 Andreas Steffen
 369   0   2 10693  6320  2472  5896
484 3 Andreas Steffen
 370   1   0  6616  5825  5027  4446
485 3 Andreas Steffen
 371   0  -4  2610  2936 10741 11669
486 3 Andreas Steffen
 372  -1   0 10505  5607  7619 11326
487 3 Andreas Steffen
 373  -1   0  8796  8925  6540   641
488 3 Andreas Steffen
 374   0   0  7862  9942  2067  7361
489 3 Andreas Steffen
 375   2   2  5933 11598  7281  2337
490 3 Andreas Steffen
 376   0   0  4397  9644  2961   575
491 3 Andreas Steffen
 377   0   0 11546  3667    60   496
492 3 Andreas Steffen
 378   0   2 10359   897  6655  9940
493 3 Andreas Steffen
 379   0   0  8042 11627  7627  4091
494 3 Andreas Steffen
 380   0   2  7229  5196 10305  4323
495 3 Andreas Steffen
 381   0   2 11076  8341  5590   590
496 3 Andreas Steffen
 382   1  -2  5915   587  3514 10997
497 3 Andreas Steffen
 383   0   0  4235  5733  1374  7164
498 3 Andreas Steffen
 384   0  -2  6883  2313  3411   910
499 3 Andreas Steffen
 385   2   0  5537  5149   391 10153
500 3 Andreas Steffen
 386   0   0  4786  9993 11959  7183
501 3 Andreas Steffen
 387   1   0  8660  4137  8672  1422
502 3 Andreas Steffen
 388  -1   0 10388  8443  6742  3136
503 3 Andreas Steffen
 389  -1   0  3028  4136  7848  1024
504 3 Andreas Steffen
 390  -1  -2  3013  9457  3424  5692
505 3 Andreas Steffen
 391   0   2  6434 10654   246  8185
506 3 Andreas Steffen
 392  -1   0  5801  5730   384  4298
507 3 Andreas Steffen
 393   0   0  3559 11131  6623  3040
508 3 Andreas Steffen
 394   0   2  6911  3462  6279 10768
509 3 Andreas Steffen
 395   0   0  2559 11098  1487  5746
510 3 Andreas Steffen
 396   0   0  6942  1081  5465  2597
511 3 Andreas Steffen
 397   0   0  6852   666  5872  6467
512 3 Andreas Steffen
 398   0   0 10873  4863 11256  4225
513 3 Andreas Steffen
 399   1  -2  3670   513  2689  1203
514 3 Andreas Steffen
 400   1   0 11066  6794  6433  4163
515 3 Andreas Steffen
 401   0   2  4927 11148  7593  4700
516 3 Andreas Steffen
 402   0   2  5570  7675  6432  9507
517 3 Andreas Steffen
 403   0   0  9882 11756 11480  4705
518 3 Andreas Steffen
 404   1   2  9553  7076  9700  2926
519 3 Andreas Steffen
 405  -1   2  9678 12074  7468 11797
520 3 Andreas Steffen
 406   0   2  3955  2530 10255 10763
521 3 Andreas Steffen
 407   1   0 10843  8488 12022  6421
522 3 Andreas Steffen
 408   0   0  2514  2611  6629  2177
523 3 Andreas Steffen
 409  -2  -2  1934  6748  5463  3878
524 3 Andreas Steffen
 410   1  -2  2677  5860  4847 11948
525 3 Andreas Steffen
 411   1   0  2065  8327  9459  7023
526 3 Andreas Steffen
 412   0   0  6908  5681   530  4705
527 3 Andreas Steffen
 413   0   0 10718  6791  9883 10546
528 3 Andreas Steffen
 414  -1   0 10338 11007  3468  2087
529 3 Andreas Steffen
 415   1   0  7817   625 11048  7745
530 3 Andreas Steffen
 416   0   0 11023  4466 10734 10811
531 3 Andreas Steffen
 417   0   0  6306  7136  5359  9233
532 3 Andreas Steffen
 418   0   0  1858 10575  2337 11205
533 3 Andreas Steffen
 419   0   0  1118  2777  6009  7711
534 3 Andreas Steffen
 420   1   0  8755  4003  5535  8938
535 3 Andreas Steffen
 421  -1   0 12259  1775  2505  8171
536 3 Andreas Steffen
 422   0   0  5186 12038  9054  9707
537 3 Andreas Steffen
 423  -1   0  8317  9867  2073  6580
538 3 Andreas Steffen
 424   0  -2  3750  7074  7221 12191
539 3 Andreas Steffen
 425  -1  -2  7076  6288  3318 10214
540 3 Andreas Steffen
 426   0   0  4066  8076 12163  3442
541 3 Andreas Steffen
 427   1   2  5009   366 10803  1339
542 3 Andreas Steffen
 428   2   0  7392  9060  4955 11591
543 3 Andreas Steffen
 429  -1  -4  9381  8187  9349  5579
544 3 Andreas Steffen
 430   0   0  6499  4642  5787 12187
545 3 Andreas Steffen
 431   1   2 11461 11653  3278  7917
546 3 Andreas Steffen
 432   1   0  8976  7597   613  6477
547 3 Andreas Steffen
 433   0  -2  9335 10397  6485 11019
548 3 Andreas Steffen
 434   0  -2  7590  5554  4787  9128
549 3 Andreas Steffen
 435  -1  -2  7109  7497   615  8655
550 3 Andreas Steffen
 436   1   2  5984   709  9806  6063
551 3 Andreas Steffen
 437   1   0  4451  1057  1327  2187
552 3 Andreas Steffen
 438   0   0  6532  2071  1809  9139
553 3 Andreas Steffen
 439   0   0  5657  1586 11166  5121
554 3 Andreas Steffen
 440   0   0  3926  7845  1167  7773
555 3 Andreas Steffen
 441   0   0  6347   293  1762 11582
556 3 Andreas Steffen
 442   0   0 12239 10323  4500  6461
557 3 Andreas Steffen
 443   1  -2  1977  3819  4233  7946
558 3 Andreas Steffen
 444   0   0  5851  9874  3996  8822
559 3 Andreas Steffen
 445  -1   2  3107  3834  5546  9707
560 3 Andreas Steffen
 446   1   0  5636 11215 11094  5276
561 3 Andreas Steffen
 447  -1   0 12270  4649     5 11911
562 3 Andreas Steffen
 448   1  -2  6452   394  1732  3872
563 3 Andreas Steffen
 449  -2   0 11019   764  1006 10907
564 3 Andreas Steffen
 450   0  -4 11659  6297  4922  4827
565 3 Andreas Steffen
 451   1   2   890  9098 11786  3678
566 3 Andreas Steffen
 452   1   2  7670  7736  2460 10669
567 3 Andreas Steffen
 453   0   2  2047  7505 11511  3057
568 3 Andreas Steffen
 454   0   0 12148  5933  9508  9426
569 3 Andreas Steffen
 455   0   0  5596  3895  2879  7412
570 3 Andreas Steffen
 456   0   2  6504  2290  4180  9071
571 3 Andreas Steffen
 457   1   0  8051   946   316 11380
572 3 Andreas Steffen
 458   0  -2  2479 10389  6976  2480
573 3 Andreas Steffen
 459  -1   0 10512 10125  6279  6329
574 3 Andreas Steffen
 460   0   0  4709  6976  7912  6808
575 3 Andreas Steffen
 461   0   2  6605  9934 10200 10093
576 3 Andreas Steffen
 462  -1   0   949  7882  3698  1544
577 3 Andreas Steffen
 463   1  -2 10292  3467   350  3293
578 3 Andreas Steffen
 464   1   0  6448  9423  1313  2345
579 3 Andreas Steffen
 465   0   2   692  6812  7583  6050
580 3 Andreas Steffen
 466   1   0  3635  4184  2733  3816
581 3 Andreas Steffen
 467   0   0 12067  5816 10128 11192
582 3 Andreas Steffen
 468   0   0  9902  8712 11275  6813
583 3 Andreas Steffen
 469   0   0 10938  7970  1902  7019
584 3 Andreas Steffen
 470   1   0  9568  4228   242  5633
585 3 Andreas Steffen
 471   0   0  2196  5792  6794 10300
586 3 Andreas Steffen
 472   0   0  4075   157  8672  2560
587 3 Andreas Steffen
 473   0  -4  2110  3629  9461  9122
588 3 Andreas Steffen
 474  -2  -2  3412  4091  7245  4018
589 3 Andreas Steffen
 475   0   0 11653    40  5765 10897
590 3 Andreas Steffen
 476   0   0 10799   728  9056 10951
591 3 Andreas Steffen
 477   0   0  2114  2282  3786   314
592 3 Andreas Steffen
 478  -1   2   817 10585  8784 10553
593 3 Andreas Steffen
 479  -1   0  3705 12125  8654  5792
594 3 Andreas Steffen
 480   0  -4  1808  8664   196  4624
595 3 Andreas Steffen
 481  -1   2  5841  1907  7238  7769
596 3 Andreas Steffen
 482   0   0  8769  9263  6687   676
597 3 Andreas Steffen
 483   0   0  3412  9123  9517  1111
598 3 Andreas Steffen
 484  -1   0  4204    49 11892  6011
599 3 Andreas Steffen
 485  -1   0 11196   448  3872  2642
600 3 Andreas Steffen
 486   0   0   651  2142  3834  6611
601 3 Andreas Steffen
 487   1   4  7208 10823  6626 12033
602 3 Andreas Steffen
 488   0  -2  8558 10995 11169  2660
603 3 Andreas Steffen
 489   0   0  7955  2079  1785  7697
604 3 Andreas Steffen
 490   1   0  5565 11081  6935  1449
605 3 Andreas Steffen
 491   0   2 11661  2880 10737   887
606 3 Andreas Steffen
 492  -1  -2  2546  3372  1543  2424
607 3 Andreas Steffen
 493   1   0  1667 10715  7245 11246
608 3 Andreas Steffen
 494   0   0    93   456  1273  2563
609 3 Andreas Steffen
 495   0   0  3205  2733  6176  7453
610 3 Andreas Steffen
 496   1   0 12191  7834  2926 12258
611 3 Andreas Steffen
 497   0   0  3788  5251   935  6085
612 3 Andreas Steffen
 498   0   0 10114 12224  8954 11395
613 3 Andreas Steffen
 499   0  -2  7464   568  5744  7972
614 3 Andreas Steffen
 500  -1   0  1992  6344 10425  3471
615 3 Andreas Steffen
 501  -1   0  5249  7024   675  3466
616 3 Andreas Steffen
 502   0   2  8334  3338  1945  4805
617 3 Andreas Steffen
 503   0   0  8566   837  6796  2416
618 3 Andreas Steffen
 504  -1   2  1905  3844  2872  1612
619 3 Andreas Steffen
 505   0   2   377  8680  5459   608
620 3 Andreas Steffen
 506   0   0  1990  7692 10261  6844
621 3 Andreas Steffen
 507   0   2  5170  9084 10608  4433
622 3 Andreas Steffen
 508   0   0 11365  3048 11553  3451
623 3 Andreas Steffen
 509   0  -2 12098  6095 11214  3125
624 3 Andreas Steffen
 510   1  -2  1431  2633 10329  5488
625 3 Andreas Steffen
 511  -1  -2  3846  4226  8410  4614
626 3 Andreas Steffen
</pre>
627 10 Andreas Steffen
Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
628 4 Andreas Steffen
<pre>
629 4 Andreas Steffen
S1[91] is zero - s1 is not invertible
630 4 Andreas Steffen
</pre>
631 4 Andreas Steffen
and another trial run is started.
632 7 Andreas Steffen
633 10 Andreas Steffen
h2. BLISS Root CA Certificate Generation
634 7 Andreas Steffen
635 7 Andreas Steffen
A self-signed BLISS CA certificate can be generated with the following command
636 7 Andreas Steffen
<pre>
637 21 Andreas Steffen
pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem
638 7 Andreas Steffen
639 7 Andreas Steffen
  file content is not binary ASN.1
640 7 Andreas Steffen
  -----BEGIN BLISS PRIVATE KEY-----
641 7 Andreas Steffen
  -----END BLISS PRIVATE KEY-----
642 7 Andreas Steffen
643 7 Andreas Steffen
L0 - BLISSPrivateKey:
644 7 Andreas Steffen
L1 - keyType:
645 7 Andreas Steffen
  'BLISS-IV'
646 7 Andreas Steffen
L1 - public:
647 7 Andreas Steffen
L1 - secret1:
648 7 Andreas Steffen
L1 - secret2:
649 8 Andreas Steffen
650 7 Andreas Steffen
L0 - subjectPublicKeyInfo:
651 7 Andreas Steffen
L1 - algorithm:
652 7 Andreas Steffen
L2 - algorithmIdentifier:
653 7 Andreas Steffen
L3 - algorithm:
654 7 Andreas Steffen
  'blissPublicKey'
655 7 Andreas Steffen
L3 - parameters:
656 7 Andreas Steffen
L4 - blissKeyType:
657 7 Andreas Steffen
  'BLISS-IV'
658 7 Andreas Steffen
L1 - subjectPublicKey:
659 7 Andreas Steffen
660 7 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
661 11 Andreas Steffen
y1 = -859..738 (sigma2 = 71786, mean = -6.6)
662 11 Andreas Steffen
y2 = -852..644 (sigma2 = 65618, mean =  2.0)
663 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 63602, rejected
664 11 Andreas Steffen
mgf1 generated 10304 octets
665 1 Andreas Steffen
666 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
667 11 Andreas Steffen
y1 = -942..726 (sigma2 = 81503, mean = -8.6)
668 11 Andreas Steffen
y2 = -876..893 (sigma2 = 69883, mean =  2.4)
669 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 66020, accepted
670 11 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 86651, rejected
671 11 Andreas Steffen
mgf1 generated 10528 octets
672 1 Andreas Steffen
673 11 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
674 11 Andreas Steffen
y1 = -862..785 (sigma2 = 72628, mean = -7.1)
675 11 Andreas Steffen
y2 = -782..921 (sigma2 = 74618, mean =  4.1)
676 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 64940, accepted
677 11 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = -176380, accepted
678 7 Andreas Steffen
679 11 Andreas Steffen
z1 = -873..780, z2d = -3..4
680 11 Andreas Steffen
681 11 Andreas Steffen
efficiency of Huffman coder is 3.4121 bits/tuple (1747 bits)
682 11 Andreas Steffen
generated BLISS signature (6706 bits encoded in 839 bytes)
683 11 Andreas Steffen
684 11 Andreas Steffen
signature generation needed 3 rounds
685 11 Andreas Steffen
mgf1 generated 10656 octets
686 10 Andreas Steffen
</pre>
687 11 Andreas Steffen
With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process usually requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
688 10 Andreas Steffen
689 10 Andreas Steffen
A BLISS certificate can be displayed at any time with
690 10 Andreas Steffen
<pre>
691 13 Andreas Steffen
pki --print --debug 2 --in cacert4.pem
692 10 Andreas Steffen
693 1 Andreas Steffen
L0 - x509:
694 10 Andreas Steffen
L1 - tbsCertificate:
695 10 Andreas Steffen
L2 - DEFAULT v1:
696 10 Andreas Steffen
L3 - version:
697 10 Andreas Steffen
  X.509v3
698 10 Andreas Steffen
L2 - serialNumber:
699 10 Andreas Steffen
L2 - signature:
700 10 Andreas Steffen
L3 - algorithmIdentifier:
701 10 Andreas Steffen
L4 - algorithm:
702 10 Andreas Steffen
  'BLISS-with-SHA512'
703 10 Andreas Steffen
L2 - issuer:
704 12 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
705 10 Andreas Steffen
L2 - validity:
706 10 Andreas Steffen
L3 - notBefore:
707 10 Andreas Steffen
L4 - utcTime:
708 11 Andreas Steffen
  'Dec 13 12:01:57 UTC 2014'
709 10 Andreas Steffen
L3 - notAfter:
710 10 Andreas Steffen
L4 - utcTime:
711 11 Andreas Steffen
  'Dec 13 12:01:57 UTC 2024'
712 10 Andreas Steffen
L2 - subject:
713 12 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
714 1 Andreas Steffen
L2 - subjectPublicKeyInfo:
715 1 Andreas Steffen
-- > --
716 1 Andreas Steffen
  L0 - subjectPublicKeyInfo:
717 1 Andreas Steffen
  L1 - algorithm:
718 1 Andreas Steffen
  L2 - algorithmIdentifier:
719 1 Andreas Steffen
  L3 - algorithm:
720 1 Andreas Steffen
    'blissPublicKey'
721 1 Andreas Steffen
  L3 - parameters:
722 1 Andreas Steffen
  L0 - subjectPublicKeyInfo:
723 1 Andreas Steffen
  L1 - algorithm:
724 1 Andreas Steffen
  L2 - algorithmIdentifier:
725 1 Andreas Steffen
  L3 - algorithm:
726 1 Andreas Steffen
    'blissPublicKey'
727 1 Andreas Steffen
  L3 - parameters:
728 1 Andreas Steffen
  L4 - blissKeyType:
729 1 Andreas Steffen
    'BLISS-IV'
730 1 Andreas Steffen
  L1 - subjectPublicKey:
731 1 Andreas Steffen
-- < --
732 11 Andreas Steffen
L2 - optional extensions:
733 11 Andreas Steffen
L3 - extensions:
734 11 Andreas Steffen
L4 - extension:
735 11 Andreas Steffen
L5 - extnID:
736 11 Andreas Steffen
  'basicConstraints'
737 11 Andreas Steffen
L5 - critical:
738 11 Andreas Steffen
  TRUE
739 11 Andreas Steffen
L5 - extnValue:
740 11 Andreas Steffen
L6 - basicConstraints:
741 11 Andreas Steffen
L7 - CA:
742 11 Andreas Steffen
  TRUE
743 11 Andreas Steffen
L4 - extension:
744 11 Andreas Steffen
L5 - extnID:
745 11 Andreas Steffen
  'keyUsage'
746 11 Andreas Steffen
L5 - critical:
747 11 Andreas Steffen
  TRUE
748 11 Andreas Steffen
L5 - extnValue:
749 11 Andreas Steffen
L4 - extension:
750 11 Andreas Steffen
L5 - extnID:
751 11 Andreas Steffen
  'subjectKeyIdentifier'
752 11 Andreas Steffen
L5 - critical:
753 11 Andreas Steffen
  FALSE
754 11 Andreas Steffen
L5 - extnValue:
755 11 Andreas Steffen
L6 - keyIdentifier:
756 10 Andreas Steffen
L1 - signatureAlgorithm:
757 1 Andreas Steffen
L2 - algorithmIdentifier:
758 1 Andreas Steffen
L3 - algorithm:
759 1 Andreas Steffen
  'BLISS-with-SHA512'
760 1 Andreas Steffen
L1 - signatureValue:
761 10 Andreas Steffen
762 11 Andreas Steffen
z1 = -873..780, z2d = -3..4
763 10 Andreas Steffen
764 10 Andreas Steffen
cert:      X509
765 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
766 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
767 11 Andreas Steffen
validity:  not before Dec 13 13:01:57 2014, ok
768 11 Andreas Steffen
           not after  Dec 13 13:01:57 2024, ok (expires in 3652 days)
769 11 Andreas Steffen
serial:    12:a0:ca:85:51:b9:f3:27
770 11 Andreas Steffen
flags:     CA CRLSign self-signed
771 10 Andreas Steffen
subjkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
772 10 Andreas Steffen
pubkey:    BLISS 192 bits strength
773 10 Andreas Steffen
keyid:     55:ee:7a:31:44:e5:a0:cf:b6:c9:a7:17:98:c9:60:a7:eb:d0:4e:4f
774 11 Andreas Steffen
subjkey:   37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
775 10 Andreas Steffen
</pre>
776 11 Andreas Steffen
If you are not interested in any detailed information then just creat a self-signed BLISS CA certificate with
777 10 Andreas Steffen
<pre>
778 21 Andreas Steffen
pki --self --type bliss --in cakey1.der --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 > cacert1.der
779 10 Andreas Steffen
</pre>
780 10 Andreas Steffen
and view it with
781 10 Andreas Steffen
<pre>
782 13 Andreas Steffen
pki --print --in cacert1.der
783 11 Andreas Steffen
784 10 Andreas Steffen
cert:      X509
785 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
786 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
787 11 Andreas Steffen
validity:  not before Dec 13 12:58:21 2014, ok
788 1 Andreas Steffen
           not after  Dec 13 12:58:21 2024, ok (expires in 3652 days)
789 1 Andreas Steffen
serial:    5d:06:0d:4b:69:64:84:62
790 1 Andreas Steffen
flags:     CA CRLSign self-signed
791 1 Andreas Steffen
subjkeyId: f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
792 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
793 1 Andreas Steffen
keyid:     df:78:00:c4:b4:13:e7:fd:4f:05:dd:39:1a:2e:2b:c5:65:39:10:f4
794 1 Andreas Steffen
subjkey:   f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
795 1 Andreas Steffen
</pre>
796 12 Andreas Steffen
797 16 Andreas Steffen
h2. BLISS End Entity Certificate Generation
798 12 Andreas Steffen
799 12 Andreas Steffen
We are now going to generate a BLISS-I key pair for user Carol:
800 12 Andreas Steffen
<pre>
801 12 Andreas Steffen
pki --gen --type bliss --size 1 > carolKey.der
802 12 Andreas Steffen
803 12 Andreas Steffen
secret key generation succeeded after 2 trials
804 12 Andreas Steffen
</pre>
805 12 Andreas Steffen
Next we create a self-signed PKCS#10 certificate request
806 12 Andreas Steffen
<pre>
807 12 Andreas Steffen
 pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
808 12 Andreas Steffen
</pre>
809 12 Andreas Steffen
which is used as the input for the CA to create a signed end entity certificate:
810 12 Andreas Steffen
<pre>
811 13 Andreas Steffen
 pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
812 12 Andreas Steffen
</pre>
813 12 Andreas Steffen
and which has the following content
814 12 Andreas Steffen
<pre>
815 13 Andreas Steffen
pki --print --in carolCert.der
816 12 Andreas Steffen
817 12 Andreas Steffen
cert:      X509
818 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
819 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
820 12 Andreas Steffen
validity:  not before Dec 13 13:20:34 2014, ok
821 1 Andreas Steffen
           not after  Dec 12 13:20:34 2017, ok (expires in 1094 days)
822 1 Andreas Steffen
serial:    38:a9:13:10:c2:ed:ed:c3
823 1 Andreas Steffen
altNames:  carol@strongswan.org
824 1 Andreas Steffen
flags:     clientAuth
825 1 Andreas Steffen
CRL URIs:  http://crl.strongswan.org/bliss.crl
826 12 Andreas Steffen
authkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
827 12 Andreas Steffen
subjkeyId: 8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
828 12 Andreas Steffen
pubkey:    BLISS 128 bits strength
829 12 Andreas Steffen
keyid:     5b:cf:17:14:a8:d8:aa:bc:40:f3:21:95:a9:67:7d:20:af:66:4e:c2
830 12 Andreas Steffen
subjkey:   8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
831 13 Andreas Steffen
</pre>
832 13 Andreas Steffen
833 13 Andreas Steffen
h2. IKEv2 Public Key Authentication using BLISS Signatures
834 13 Andreas Steffen
835 36 Andreas Steffen
The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
836 15 Andreas Steffen
837 15 Andreas Steffen
IKE_AUTH Request
838 14 Andreas Steffen
<pre>
839 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
840 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[IKE] establishing CHILD_SA home
841 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
842 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
843 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
844 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
845 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
846 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
847 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
848 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
849 14 Andreas Steffen
</pre>
850 15 Andreas Steffen
851 15 Andreas Steffen
IKE_AUTH Response
852 14 Andreas Steffen
<pre>
853 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
854 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
855 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #1 of 3, waiting for complete IKE message
856 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
857 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
858 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #2 of 3, waiting for complete IKE message
859 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (548 bytes)
860 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
861 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
862 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
863 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
864 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
865 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
866 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
867 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
868 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
869 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
870 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   crl is valid: until Jan 11 12:36:45 2015
871 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG] certificate status is good
872 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
873 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS signature successful
874 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
875 14 Andreas Steffen
</pre>
876 22 Andreas Steffen
BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
877 15 Andreas Steffen
878 15 Andreas Steffen
IKE_SA_INIT Request
879 14 Andreas Steffen
<pre>
880 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
881 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
882 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
883 1 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (813 bytes)
884 1 Andreas Steffen
</pre>
885 16 Andreas Steffen
886 16 Andreas Steffen
h2. Design Details on BLISS Signatures
887 16 Andreas Steffen
888 19 Andreas Steffen
* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
889 19 Andreas Steffen
890 35 Andreas Steffen
* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
891 1 Andreas Steffen
892 35 Andreas Steffen
* Measured BLISS Signature Size*
893 33 Andreas Steffen
894 34 Andreas Steffen
  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
895 34 Andreas Steffen
  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
896 34 Andreas Steffen
  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
897 1 Andreas Steffen
  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
898 35 Andreas Steffen
899 35 Andreas Steffen
  *statistics based on a measurement set of 50 signatures, each
900 23 Andreas Steffen
901 23 Andreas Steffen
h2. ASN.1 Syntax
902 23 Andreas Steffen
903 26 Andreas Steffen
h3. Object Identifiers
904 26 Andreas Steffen
905 26 Andreas Steffen
<pre>
906 26 Andreas Steffen
id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
907 26 Andreas Steffen
908 26 Andreas Steffen
keyType { id-bliss 1 }
909 26 Andreas Steffen
910 26 Andreas Steffen
blissPublicKey { keyType 1 }
911 26 Andreas Steffen
912 26 Andreas Steffen
parameters { id-bliss 2 }
913 26 Andreas Steffen
914 26 Andreas Steffen
blissI   = { parameters 1 }
915 26 Andreas Steffen
blissII  = { parameters 2 }
916 26 Andreas Steffen
blissIII = { parameters 3 }
917 26 Andreas Steffen
blissIV  = { parameters 4 }
918 26 Andreas Steffen
919 26 Andreas Steffen
920 27 Andreas Steffen
blissSigType = { id-bliss 3 }
921 26 Andreas Steffen
922 27 Andreas Steffen
blissWithSha512 = { blissSigType 1 }
923 26 Andreas Steffen
</pre>
924 26 Andreas Steffen
925 23 Andreas Steffen
h3. BLISS Private Key
926 23 Andreas Steffen
927 23 Andreas Steffen
<pre>
928 23 Andreas Steffen
BlissPrivateKey  ::= SEQUENCE {
929 27 Andreas Steffen
    parameter OBJECT IDENTIFIER,
930 27 Andreas Steffen
    public    BIT STRING, -- A
931 27 Andreas Steffen
    secret1   BIT STRING, -- s1
932 27 Andreas Steffen
    secret2   BIT STRING  -- s2 }
933 23 Andreas Steffen
</pre>
934 23 Andreas Steffen
935 29 Andreas Steffen
As *parameter* one of the BLISS parameters OIDs *blissI* .. *blissIV* is used.
936 1 Andreas Steffen
937 28 Andreas Steffen
h3. BLISS Public Key
938 29 Andreas Steffen
939 1 Andreas Steffen
<pre>
940 28 Andreas Steffen
SubjectPublicKeyInfo  ::=  SEQUENCE  {
941 28 Andreas Steffen
    algorithm         AlgorithmIdentifier,
942 28 Andreas Steffen
    subjectPublicKey  BIT STRING  }
943 1 Andreas Steffen
944 28 Andreas Steffen
AlgorithmIdentifier  ::=  SEQUENCE  {
945 28 Andreas Steffen
    algorithm         OBJECT IDENTIFIER,
946 28 Andreas Steffen
    parameters        OBJECT IDENTIFER }
947 23 Andreas Steffen
</pre>
948 1 Andreas Steffen
949 30 Andreas Steffen
As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *blissI* .. *blissIV*. 
950 23 Andreas Steffen