Version 47 - History - Bimodal Lattice Signature Scheme (BLISS) - strongSwan

Bimodal Lattice Signature Scheme (BLISS) » History » Version 47

Andreas Steffen, 07.05.2015 08:09

-Andreas Steffen
+h1. Bimodal Lattice Signature Scheme (BLISS)
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool. With strongSwan [[5.3.0]] we are upgrading to the improved BLISS-B signature algorithm described in "Accelerating Bliss: the Geometry of Ternary Polynomials":https://eprint.iacr.org/2014/874.pdf by Léo Ducas. This HOWTO is based on the new BLISS-B default scheme. It is possible though to revert to the old BLISS behaviour by setting
-Andreas Steffen
+<pre>
-Andreas Steffen
+libstrongswan {
-Andreas Steffen
+  plugins {
-Andreas Steffen
+    bliss {
-Andreas Steffen
+      use_bliss_b = no
 Andreas Steffen
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+</pre>
-Andreas Steffen
+in strongswan.conf, although we don't see any advantage whatever for doing this.
 Andreas Steffen
-Andreas Steffen
+This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
 Andreas Steffen
-Andreas Steffen
+h2. Building strongSwan with BLISS Support
 Andreas Steffen
-Andreas Steffen
+If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
-Andreas Steffen
+<pre>
-Andreas Steffen
+wget http://download.strongswan.org/strongswan-5.3.0.tar.bz2
-Andreas Steffen
+tar xjf strongswan-5.3.0.tar.bz2
-Andreas Steffen
+cd strongswan-5.3.0
-Andreas Steffen
+./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
-Andreas Steffen
+make
-Andreas Steffen
+sudo make install
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. BLISS Private Key Generation
 Andreas Steffen
-Andreas Steffen
+strongSwan currently supports the BLISS-B-I, BLISS-B-III, and BLISS-B_IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS-B-I key can be generated as follows:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 1 --debug 2 > cakey1.der
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 240 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 240 octets
-Andreas Steffen
+l2 norm of s1||s2: 771, Nk(S): 44024
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 1 trial
-Andreas Steffen
+</pre>
-Andreas Steffen
+With the command
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --type bliss-priv --in cakey1.der
 Andreas Steffen
-Andreas Steffen
+private key with:
-Andreas Steffen
+pubkey:    BLISS 128 bits strength
-Andreas Steffen
+keyid:     66:5d:b6:ae:85:b6:32:1b:9a:7e:2c:ed:c7:6a:4d:68:f0:3a:ec:77
-Andreas Steffen
+subjkey:   50:c5:a5:b0:21:e2:a8:13:12:ba:7c:87:f3:3f:ab:90:ad:2c:4d:c2
-Andreas Steffen
+</pre>
-Andreas Steffen
+information on the BLISS private key is displayed.
 Andreas Steffen
-Andreas Steffen
+Let's now generate a BLISS-B-IV key with 192 bit cryptographic strength in base64-encoded PEM format
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
-Andreas Steffen
+secret key generation succeeded after 1 trial
-Andreas Steffen
+</pre>
-Andreas Steffen
+The PEM key format is printable
-Andreas Steffen
+<pre>
-Andreas Steffen
+cat cakey4.pem
 Andreas Steffen
-Andreas Steffen
+-----BEGIN BLISS PRIVATE KEY-----
-Andreas Steffen
+MIIFGgYLKwYBBAGCoCoFAggDggOBAFPFQxsmKwFTjeebvilsNgguxG6vs6EWIyWi
-Andreas Steffen
+RUkzxZ3BZVy2Oya/9jkMO4O5W/TM5C5vKf0ADlu4fVzU2drT9YA6LzeJIhlWmHu0
-Andreas Steffen
+ISD9s3Q6pf5NxpvKKFiqjA8ePHFk2iIJQ+DbA9VCtYzM0BOz11+blrl4zOeHp2Am
-Andreas Steffen
+lmkQwW1OTYejkOBEdGFFuwpVbLXL0XTj4KPZB9icIU48VVh2fS/fOjSRyVhruzVO
-Andreas Steffen
+QQtHeCE6p0HLQCpYsw4i93KaYyoS9tDK5Ia/TGWcpp9Sih4k60iJAEusftoijJl
-Andreas Steffen
+hq41uiUgVd7vpeaWBoMurUODR4aYMiNF2eCGuPTC+76hpZ4h91TmZ7ASuoATl57E
-Andreas Steffen
+XN3wY61OuLW+CiTlHZsfddmTRyWbtp5t0Ckk2RaoEsCvU/22csb3Z4CkASoJawVB
-Andreas Steffen
+i6VeQPtTr9cfUDb4mhSOv7LRZmjkkqyl5FduVOw3BePVZGqHZLrLdZ1AAbAtoel9
-Andreas Steffen
+FYZ/EBEbQpGVEEWwm98tsFeIp2JWUCA9bOdzlOsoJ6mmgz9fKXDQBsv+DeOSkXNo
-Andreas Steffen
+yKJ0EnXh6J5iPG6gtvoRVwGLfL0Yqcl7nkB5UUGWdQC2PNKZEAW2zVg5Wx4ALtgI
-Andreas Steffen
+qKhqyH5S29X4LoCqut6TuU8PYjKMlr9G8pK5kfXx3/A1/iD15m5esYBRmkddMRsK
-Andreas Steffen
+w3XdASNeHOeVfFU6FgKe+hYQhCTBgZGN3CFRtRhWbV7NES2DRkxiIgFWYrfRgLt/
-Andreas Steffen
+pobwJcL4VqwQQiSD83isZaHNRKJ+WttYKpQmTQk/ycYpD1DJ98Kw1LeyfTXxvtv8
-Andreas Steffen
+prSQekPNXHeyN8fXDgZmpLIBdOyutO5uelVV/ovsLGtmSQehXXvLj9IoETxtsnYj
-Andreas Steffen
+XpQU86hCaOl8ZLaASUhrqqBe0nQYB5Utr7P7YaxrfYYoiCEZZrLR9oIWNHYMiev2
-Andreas Steffen
+FCkQie3mrOb9K5AJo3DnfyumrNjOxq2a8N9WHRaDGrKT+l3gVJysxebExLNJsOHU
-Andreas Steffen
+DZcnA3ulxmxoMdH/KzGMd9bjCIf0xNltRhULrBoShlhBElqK8znFHWhGmdbWhe
-Andreas Steffen
+C3kKzApp5MebesGOdUT/U/ylUKPyINd90cqQESjHe+WibikN4WCcihiBRzvexQG
-Andreas Steffen
+klrkgqhAxL9ZX4SFWtzLsiSIpmWJUaY72vwo2TuA5un+Xq3yi7YtBggaRjg86Yiv
-Andreas Steffen
+tDsRFpMAA4HBAByACgOQOAOCBz0AD+AT+QCQB+OgPx/wAOP+QQAeeAR+AAAFwACO
-Andreas Steffen
+CAAByOgAQOBz+AAPyNwCRwAD+h+QCPxyATx+QPxyACATweCRzwAACQAPyCQOOeQA
-Andreas Steffen
+OOOgPyCQAieCQARigBxwB9geMPxwCRiDxgVwEEAAOAB+eP+CMCR+OCgCMRwPwB+A
-Andreas Steffen
+RwAhwQBzhyRzyBx+QQCACEAfyOPwP/ifiDwSAhwCDyCCAQSAfhwMAeQBwSAACAAD
-Andreas Steffen
++CCeOUACeCASAAOBwQAAYAf/oEc8A8fkgAAfgEEHkEADfgn4AAAjk8gcAEEADgDo
-Andreas Steffen
+ccEg/fj8EkAcfkAEEgAo4EADnEIcnnjgEgAnkcEnggEcbgDhAAcdAcEAAAgA8AEk
-Andreas Steffen
+rgAjkdAAAHgAgdckAEIADBfgAA4HgYgD8EjgDkAcAEgEHn/8AA8gHgA8cEEcAAk
-Andreas Steffen
+fgggAf84AAAgBEj8jlD8AEcoADjgc/gDkgAk/gAdAg8A78ADAEgYgg8gEbngkc8/
-Andreas Steffen
+ggAnkjhcHggAkEgj8Ak=
-Andreas Steffen
+-----END BLISS PRIVATE KEY-----
-Andreas Steffen
+</pre>
-Andreas Steffen
+At last let's generate a BLISS-B-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 3 --debug 4 > cakey3.der
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 380 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 420 octets
-Andreas Steffen
+l2 norm of s1||s2: 1397, Nk(S): 134554
 Andreas Steffen
-Andreas Steffen
+S1[374] is zero - s1 is not invertible
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 400 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 400 octets
-Andreas Steffen
+l2 norm of s1||s2: 1397, Nk(S): 150444
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 2 trials
 Andreas Steffen
-Andreas Steffen
+   i   f   g     a     F     G     A
-Andreas Steffen
+0  -1 11349  7348  7670  2988
-Andreas Steffen
+1   0  7974  3185  4952 11025
-Andreas Steffen
+0  -2  8985  2527  9470  4541
-Andreas Steffen
+1  -2  7381 10610 11589  2467
-Andreas Steffen
+0   0    24  6142  3407  1095
-Andreas Steffen
+0   0   660  5787  7097  4552
-Andreas Steffen
+-2   0  7663   996  8919   120
-Andreas Steffen
+0   0 11446  2979  5879  5439
-Andreas Steffen
+0   0 10761  9288  6406 11689
-Andreas Steffen
+1   2 10655  5145  9566 11720
-Andreas Steffen
+-1  -2  2239 12023  2977   497
-Andreas Steffen
+1  -2  8056  9625   769  1665
-Andreas Steffen
+-1   0 12073 10413  8267  7745
-Andreas Steffen
+0   0 10423  7043  8384   659
-Andreas Steffen
+-1   0  2927  4462  1895  3870
-Andreas Steffen
+0  -2  8350 10004  5363  2321
-Andreas Steffen
+0   0  8719  8405  9805  4329
-Andreas Steffen
+0   0   126    16 11765  9184
-Andreas Steffen
+1   0 11077  7415 10462 12186
-Andreas Steffen
+0   0 10321 10888  9001  9002
-Andreas Steffen
+0   0 11406 12197  2320  2112
-Andreas Steffen
+-1   0  2382  8071 11316  6203
-Andreas Steffen
+0   0 11952  2522  7713  2532
-Andreas Steffen
+-1   0  3121  3838  1919  6145
-Andreas Steffen
+0   2  3530  7422  3780  6905
-Andreas Steffen
+-1   0  1229  3845  2506  2337
-Andreas Steffen
+-1   2  1278   246 10767  6488
-Andreas Steffen
+0   0  1031  8302  2463 11225
-Andreas Steffen
+0  -2  6091 11836  4336  2866
-Andreas Steffen
+0   0  9763 11818  1023  5477
-Andreas Steffen
+1   0  3533 11202 11192   815
-Andreas Steffen
+-2   0  2485  9375  1396  1096
-Andreas Steffen
+0   2  7774  9256 11751  4761
-Andreas Steffen
+1  -2  5705   105  8018  5109
-Andreas Steffen
+1  -2  1310  1037 11693  6138
-Andreas Steffen
+0   2  3963 11119  7278  9888
-Andreas Steffen
+-1   0  2664   716  7917  2946
-Andreas Steffen
+0  -2  2310  7971 11642 12218
-Andreas Steffen
+0   0  9219 11411  7807  8627
-Andreas Steffen
+0   0  5358  9175 10240  7187
-Andreas Steffen
+0   0  9739 11874 10139 11850
-Andreas Steffen
+1   2  8814 10927 12043   325
-Andreas Steffen
+0   0  7933 11743  3920  9761
-Andreas Steffen
+-2   0   251  6664  6850  4969
-Andreas Steffen
+0   0  3754  5561  1275  4389
-Andreas Steffen
+0   0  4863  4628 11852  5770
-Andreas Steffen
+0   0  9053  8612  8420  4162
-Andreas Steffen
+0  -2  7268  6093  2250 12126
-Andreas Steffen
+-1   0  3867  7439 10172 11395
-Andreas Steffen
+0   0  1877  8716  2985  4663
-Andreas Steffen
+0   2  4520   140  3538  6872
-Andreas Steffen
+-1  -2 12012  7676  9229  8965
-Andreas Steffen
+1   0 11243  1199  5329  3192
-Andreas Steffen
+0   0  3816  4823  4210  2768
-Andreas Steffen
+0   0 11185  7269 11376 10485
-Andreas Steffen
+0  -2   368  6947  8326  6955
-Andreas Steffen
+0   0 12276 11097  9506  5786
-Andreas Steffen
+0   0  1482  7994  2714 10832
-Andreas Steffen
+0   0  8790  4355  2509  5980
-Andreas Steffen
+0   0  2592  5059 10875 12262
-Andreas Steffen
+1   2   741  7578  6721  5847
-Andreas Steffen
+-1   0  5401  2769  1664  5597
-Andreas Steffen
+-1  -2  3498  3562  8160  1127
-Andreas Steffen
+0   4  9783  9751  4934   153
-Andreas Steffen
+1   2   562 10232  3792  2585
-Andreas Steffen
+0   2  5623  3669   816  8702
-Andreas Steffen
+0   0  6817  2897  3255   595
-Andreas Steffen
+0   2  4920  4356  5602  2309
-Andreas Steffen
+1   2  1443  8246  1837  9328
-Andreas Steffen
+-1   2  8830  8527 10087 11388
-Andreas Steffen
+1   2  8318   386  8777 10115
-Andreas Steffen
+0   0  4835  3976  8200  6604
-Andreas Steffen
+0   0 12193  2774  9810  4345
-Andreas Steffen
+0  -2  5217  4530  5891  2120
-Andreas Steffen
+0  -2  2158  1444  8147  8082
-Andreas Steffen
+0   0  6172  6249  9683  3797
-Andreas Steffen
+0  -2  3351  2755  4435 10774
-Andreas Steffen
+0   0  1795  5593  7010  2249
-Andreas Steffen
+0   0  6378  6529  2449  3586
-Andreas Steffen
+1   0  3282  8543  8791  6877
-Andreas Steffen
+0   0  5941  2515  3404  2122
-Andreas Steffen
+0   0  9619   226  4829   402
-Andreas Steffen
+0   0  3819  1636  3669  5343
-Andreas Steffen
+0   0 10054 10341  5815  9832
-Andreas Steffen
+-1  -2  5846  1459  6451  1689
-Andreas Steffen
+0   0  7204  2539  4867  2209
-Andreas Steffen
+0   0  5750  2023   198  8863
-Andreas Steffen
+-1   2  6261  5977 12147   331
-Andreas Steffen
+0   0  3021  2021  2604  1412
-Andreas Steffen
+0   2  7572  3901  5291 12199
-Andreas Steffen
+1  -2  3971 10971  5040  6150
-Andreas Steffen
+-1   0  3481  7683  7127  5588
-Andreas Steffen
+0   0  3473 10868  6948 11869
-Andreas Steffen
+0   2  6995   549  8855  4202
-Andreas Steffen
+0   0  7016  7421  1258  1782
-Andreas Steffen
+1   2 12142  5614 12132  5085
-Andreas Steffen
+1   0   297 11408 10263  5819
-Andreas Steffen
+1  -2  4317   569  1661  4560
-Andreas Steffen
+0   2 11899  8600  5015  2094
-Andreas Steffen
+1   0  5837   554  9502  5474
-Andreas Steffen
+-1  -2  3375  3281  8625  7400
-Andreas Steffen
+1   0  6925   720  9235 10339
-Andreas Steffen
+0  -2 11463 11460  3152  8935
-Andreas Steffen
+-1  -2   996  3541  9592  4202
-Andreas Steffen
+0  -2  2977  4667  4746  6684
-Andreas Steffen
+0   2  3324 10226  9780  6935
-Andreas Steffen
+-1   2 12127 10743 12252  3426
-Andreas Steffen
+0  -2  9795 10231  6839  4720
-Andreas Steffen
+0  -2  2889  3500  3258 10106
-Andreas Steffen
+-1   4  8087  6380  5416  6311
-Andreas Steffen
+1  -2 10557  3805  1796  5365
-Andreas Steffen
+1   2  5909 10540  3107  6083
-Andreas Steffen
+0   0 10442  3605  1555  2523
-Andreas Steffen
+0   2  4226  1933  5029  6252
-Andreas Steffen
+-1   2  5275    89  7465  3812
-Andreas Steffen
+-1   0  6815 10334   200 11126
-Andreas Steffen
+1   2  8730  6104  4971  2153
-Andreas Steffen
+-1  -2 11235 12105  8587   688
-Andreas Steffen
+0  -2  1258  4392   665  3646
-Andreas Steffen
+0   0  2480  3460  8326  2652
-Andreas Steffen
+1   0  1216 12123  2535   651
-Andreas Steffen
+0   2   857  2091   562  1352
-Andreas Steffen
+0  -2  3169  4464  2919  6236
-Andreas Steffen
+1   0 10107  2680  1350  8667
-Andreas Steffen
+0  -4 10308  2108  9352   704
-Andreas Steffen
+1   2   878 11994  2136  3492
-Andreas Steffen
+0  -2  3800  8913  4121  2070
-Andreas Steffen
+-1   0  2443 12112  7839   164
-Andreas Steffen
+0  -2 11654  9227  7360  9710
-Andreas Steffen
+0   2 11660 11240 10772  2157
-Andreas Steffen
+1   0 11564   268 12057  4768
-Andreas Steffen
+0   2  8890 10527 10742  1333
-Andreas Steffen
+-1  -2  9912 11312  4630  8146
-Andreas Steffen
+-1   0 11456  6000  2141  4365
-Andreas Steffen
+2   0  7960  7033  8674  7036
-Andreas Steffen
+-1   0  8533  2433  6170 11842
-Andreas Steffen
+1  -2  1397  9385  6566  9096
-Andreas Steffen
+0   0  3543 10922  5370    59
-Andreas Steffen
+0   2   691  8292  8171  7134
-Andreas Steffen
+0   0  2713  3104  9141  2707
-Andreas Steffen
+0  -4  1268  2361  6871   513
-Andreas Steffen
+1   2 11076  6984  2153   815
-Andreas Steffen
+0   0 11657  3591  7098  2661
-Andreas Steffen
+1   2  2834  4083  3018  1617
-Andreas Steffen
+0   0  8185  6619   366  9415
-Andreas Steffen
+-1  -2  1494 11839  6863   449
-Andreas Steffen
+0  -2  1832 10258  7230  3046
-Andreas Steffen
+0   0 10931   383  4893 12013
-Andreas Steffen
+0  -4  8238  6439  4367  1371
-Andreas Steffen
+0   2  8006  2974 11322   260
-Andreas Steffen
+0   0  3541  8377  6324  2901
-Andreas Steffen
+0  -2   687   330  6124  7243
-Andreas Steffen
+0  -2  5192 10152  4457 10671
-Andreas Steffen
+0   0  8674  3299  1218   317
-Andreas Steffen
+-1  -2  1498    19  1224  1358
-Andreas Steffen
+1   0   472  2029  5208 12231
-Andreas Steffen
+1   2 11731  6425  7592  7694
-Andreas Steffen
+0   2  2261  2600 10784  4466
-Andreas Steffen
+0  -2  1898 10580  1586  6744
-Andreas Steffen
+0  -2  2031  4303  4379  9674
-Andreas Steffen
+0   2  8153  5295  3898  8827
-Andreas Steffen
+0   2  2277  6730 11103  7512
-Andreas Steffen
+0   0  7728  5951  8617  5449
-Andreas Steffen
+-1   0  3329  9973  2756  3798
-Andreas Steffen
+0   4  4018  4540   262  7747
-Andreas Steffen
+2  -2 10665  6550   101  8895
-Andreas Steffen
+0  -2   312  5809  4027  6453
-Andreas Steffen
+0   0  3681 11662  4601  3795
-Andreas Steffen
+0   0   500  5083  3045 10237
-Andreas Steffen
+-1  -2  8154  3232 10955  7992
-Andreas Steffen
+0   0 11548  6348  5285 12164
-Andreas Steffen
+1   0  6451    22   780  3387
-Andreas Steffen
+1   0  5800  5147 11929  9887
-Andreas Steffen
+1  -2  8134 11119  9744  1000
-Andreas Steffen
+0   0  5101  7573  9100   415
-Andreas Steffen
+1   0  9541  6816  2627  7553
-Andreas Steffen
+1  -2 10032  6407  7662  3751
-Andreas Steffen
+-1   2  8100  1861  3525 10574
-Andreas Steffen
+0  -2 10999  5885  8924  7590
-Andreas Steffen
+-1   0 11795 11656  5412 11931
-Andreas Steffen
+0   0  1342  2873  8302  5833
-Andreas Steffen
+0   0  8856 10345  7649  3593
-Andreas Steffen
+0   0  7741  1590  4966 10870
-Andreas Steffen
+0  -2  3478  2035 10096    11
-Andreas Steffen
+1   0  8425  2564  3099  9055
-Andreas Steffen
+1   0  4004  5338  6973 11648
-Andreas Steffen
+0   0  4081   397  5788  3141
-Andreas Steffen
+1  -2  6047  6044  3975  7664
-Andreas Steffen
+0   2   975  9088  8057  9530
-Andreas Steffen
+-1  -2  3775  8502  1657  2826
-Andreas Steffen
+0   0    72  5348 10522  5788
-Andreas Steffen
+-1   2  9402  7182 10043 10824
-Andreas Steffen
+-2  -2  8696  2259   176   642
-Andreas Steffen
+1   0  3219 10202    91  8120
-Andreas Steffen
+0   0  7399  8460  5181  3038
-Andreas Steffen
+1   0 10700  3012  2362  4856
-Andreas Steffen
+1   0  4992 11439 10921   551
-Andreas Steffen
+0   0  5563  1953  8425   923
-Andreas Steffen
+0  -2  6322  5002 10435  5611
-Andreas Steffen
+-1   2  5331  3700  5755  6993
-Andreas Steffen
+0   2  5020  6081  4634  8539
-Andreas Steffen
+0  -2  1731  4572  2581  9642
-Andreas Steffen
+0   2 11300 11624  8550  8765
-Andreas Steffen
+0   0  2415  4285   437  5756
-Andreas Steffen
+0   0  1692  2723  3419  8567
-Andreas Steffen
+-1   2 11041  8154   463  1789
-Andreas Steffen
+0   0   229   879   660  9941
-Andreas Steffen
+0   0 10044  8647  6406 10013
-Andreas Steffen
+0  -2  5036 10770  3797  9730
-Andreas Steffen
+0   2   128   719  6480  5034
-Andreas Steffen
+-1   0  1769 10401  2634  1730
-Andreas Steffen
+-1   0  7590  6692 10502  6910
-Andreas Steffen
+0   0  9672  8222  8598  1131
-Andreas Steffen
+1   0  3125  9161  4272  2293
-Andreas Steffen
+1   0  6486  6086 10033  4450
-Andreas Steffen
+0   2  4166 11350  4036 10531
-Andreas Steffen
+1   0 10082 11068 11523  7992
-Andreas Steffen
+0   2  7985  9711  4620  1352
-Andreas Steffen
+0  -2  4946    35   768  6342
-Andreas Steffen
+2   0  9774  8732  5103  7354
-Andreas Steffen
+-1   0  3980  4302   175 11772
-Andreas Steffen
+-1   0  3136 10258  9525  3299
-Andreas Steffen
+1   0 10184 11483  7139  6837
-Andreas Steffen
+0   2  7193  5495  9627  3249
-Andreas Steffen
+0   2  4553 10654  1257  8703
-Andreas Steffen
+0   2  7386  1794  2317  7187
-Andreas Steffen
+-1   2   307 11685   515  5106
-Andreas Steffen
+-2  -2  7122  9559  7718 11755
-Andreas Steffen
+-1   2  3466  4578   320  9143
-Andreas Steffen
+0   0  5051 11084  5008  1495
-Andreas Steffen
+0   2 10973  1782  6396   707
-Andreas Steffen
+1   0  1035  6457  5457  9829
-Andreas Steffen
+1   2  4754  1143  5864  6112
-Andreas Steffen
+0   2  5311  9348  7515  8484
-Andreas Steffen
+0   2  3745 10143  2071  5422
-Andreas Steffen
+0   0   225 10115   234  5223
-Andreas Steffen
+0  -4 12167  3220 10760   156
-Andreas Steffen
+0   0  5150  9392  6587  1703
-Andreas Steffen
+0   0 11547  8431  3214  9415
-Andreas Steffen
+0   0 10851  7709  8050  7538
-Andreas Steffen
+-1  -2   874  4765  4964   424
-Andreas Steffen
+1  -2 10600  1689   176  6010
-Andreas Steffen
+1   0  5997  7556  2161  3323
-Andreas Steffen
+0   0 11136  1266  1123  4767
-Andreas Steffen
+1   2  8554  2615  8070   708
-Andreas Steffen
+0   0  5773   555  5168  7272
-Andreas Steffen
+1   0  9508  9446  7790   235
-Andreas Steffen
+-1   0  3106  4221  6747  8893
-Andreas Steffen
+0  -2   241  6515  5228  7759
-Andreas Steffen
+0   0  1974 11662  7592  5613
-Andreas Steffen
+-1  -2  3428  1764 10330 11640
-Andreas Steffen
+1   0  4655  1942  1732  6215
-Andreas Steffen
+0   0 11761  3245  3177   463
-Andreas Steffen
+0   2  2542 10529 10352  4798
-Andreas Steffen
+0   0 12279  9976  8184  1686
-Andreas Steffen
+0   2  3742 10902  6628  4000
-Andreas Steffen
+-1   0  6807  3116  6784  5492
-Andreas Steffen
+1   0   901  3092  5803  7605
-Andreas Steffen
+-1   2  5324  1193 11349  9919
-Andreas Steffen
+0   0  2529  2195    55  4199
-Andreas Steffen
+0   2   864 12240 10142  1047
-Andreas Steffen
+0  -2  1873  5812  8077 11544
-Andreas Steffen
+0   2  6561  6540   574  2394
-Andreas Steffen
+0   0 11716   386  2798 10004
-Andreas Steffen
+-1  -2  9511  6119  7103  8637
-Andreas Steffen
+0   0  2030  2719  3742 11400
-Andreas Steffen
+0   0  3930  7307  6651   307
-Andreas Steffen
+1   0  9365 12108 10182 10128
-Andreas Steffen
+0   0  3050  9623   605 10173
-Andreas Steffen
+-1  -2  2608  3226  7810  7644
-Andreas Steffen
+1   2  1443 10911  8826  9411
-Andreas Steffen
+1   2  5348  5689   732  8915
-Andreas Steffen
+-1   0 10309  9547  3782  4821
-Andreas Steffen
+-1   0  7011  2137   329  5860
-Andreas Steffen
+1   0   425   151  3881  1572
-Andreas Steffen
+-1  -2  9483  3656  9352  8742
-Andreas Steffen
+-1   2   467 11338  1738 10323
-Andreas Steffen
+1   0  9537  2935 11057  4262
-Andreas Steffen
+-1   2  2982  4478  9997  4813
-Andreas Steffen
+0   0  7618  2654   704  6455
-Andreas Steffen
+1  -2  6020  6996   514  3587
-Andreas Steffen
+0   0   247  2408  9281  7266
-Andreas Steffen
+0   0  9312  8448  1433   150
-Andreas Steffen
+-1   2  8888   579  2432  2254
-Andreas Steffen
+0  -2   680  8265  7767  2316
-Andreas Steffen
+0   0 11315  3768  4554  8944
-Andreas Steffen
+-1   0  5306  2299  8412  4745
-Andreas Steffen
+1   0  7061  9470 10690  5659
-Andreas Steffen
+1  -2 12278  9451  2537  6516
-Andreas Steffen
+-1  -2  6029  4153  8159   650
-Andreas Steffen
+0   0    83  5244   380  3384
-Andreas Steffen
+1   0   444  3466  8086   832
-Andreas Steffen
+0   2   625 11105  9360  7133
-Andreas Steffen
+-1   2 10950  1635  7226  3056
-Andreas Steffen
+0   0   601   153  7982  9289
-Andreas Steffen
+0   0  4177  5547  8758  3163
-Andreas Steffen
+0  -2  8037 12168  6842  3295
-Andreas Steffen
+0   2  9675  2582  5677  8555
-Andreas Steffen
+0  -4 11275  5739 12176  6910
-Andreas Steffen
+0   0  8556   449  9059 11926
-Andreas Steffen
+1  -2  7028  8263  4462  1403
-Andreas Steffen
+1   0  9851  9816 10642  3504
-Andreas Steffen
+-1   0  3040 12216  8553  2913
-Andreas Steffen
+-1   4  2910  3848 11681 12110
-Andreas Steffen
+1   0  1841 10354  4153  1376
-Andreas Steffen
+-1   0 12210  4975  2286  5252
-Andreas Steffen
+0   0  8918  9177  1954   260
-Andreas Steffen
+-2   0  6909  6209  8913  5854
-Andreas Steffen
+-1  -2  6292   703  6706 11879
-Andreas Steffen
+1   2 11570 11111  6320  5315
-Andreas Steffen
+0   0  5052   592  4939 12069
-Andreas Steffen
+-1   0 10922 12185  9127  2630
-Andreas Steffen
+0   2  7576 10464  9782  2944
-Andreas Steffen
+-1   0  3680   366  4320  8876
-Andreas Steffen
+1  -2  1219  3469  6931  5376
-Andreas Steffen
+1   0  3550 10768  4531  1823
-Andreas Steffen
+-2  -2  1658  7879 11165    95
-Andreas Steffen
+0   0  2694  1931  5154  4973
-Andreas Steffen
+0   0  1040   460  8549  3732
-Andreas Steffen
+-1   0  8606  6308  8514  5351
-Andreas Steffen
+0  -2  8549  1116 10216  4590
-Andreas Steffen
+0   2  3357  8573  9508  1479
-Andreas Steffen
+1  -2  6401  9086  5806   731
-Andreas Steffen
+0   4  8810   541  1047 10610
-Andreas Steffen
+0   0 12091  1342  9191 11664
-Andreas Steffen
+-1  -2  3353  7216  6908  4422
-Andreas Steffen
+1  -2  6423  5847  1781  4290
-Andreas Steffen
+-1   0  2085  6979  3705 10865
-Andreas Steffen
+0   0  4054  9659  7199  5282
-Andreas Steffen
+0   0  4131  7411  9499   318
-Andreas Steffen
+0   0  4228  5354 10302  4744
-Andreas Steffen
+0   0  2544 11482 10185  2500
-Andreas Steffen
+-1   0    83  4027 11600   778
-Andreas Steffen
+0   2 10980   846  4210 11190
-Andreas Steffen
+-1   0  9362  3868   220  7803
-Andreas Steffen
+-1   0 11475  1085  1224  2878
-Andreas Steffen
+-1   0  5423   164  3901  9840
-Andreas Steffen
+0   2  4383  2284 10899  9200
-Andreas Steffen
+0   0  3723   899 11100 10702
-Andreas Steffen
+1   0  7305  7082  5684 11561
-Andreas Steffen
+1   0  2908 11634  2989  2078
-Andreas Steffen
+0  -2 10159  3082  8672  8767
-Andreas Steffen
+1   2  4147  6030  3925  7103
-Andreas Steffen
+0   2  6503  8183  7428  7283
-Andreas Steffen
+0  -4  1540  5385  3648  7333
-Andreas Steffen
+1   0  6989  2881 10619  8603
-Andreas Steffen
+0   0  2902 12009   698  5352
-Andreas Steffen
+0  -2  7777  8639  1878  8255
-Andreas Steffen
+0  -2  7904  2306  2389 10217
-Andreas Steffen
+0   0  3969  2527  9120   558
-Andreas Steffen
+0   0   228  8105  1127 10594
-Andreas Steffen
+0   0  7932  1438  2928  6326
-Andreas Steffen
+0   2  7927 11962  2097  5518
-Andreas Steffen
+0   0 11544  2417  5795 10400
-Andreas Steffen
+0   0 10459  8131 11956  4921
-Andreas Steffen
+0   0   312 11086  5587  7238
-Andreas Steffen
+0   0  1452 11546  4140   441
-Andreas Steffen
+0  -2  7851  5803  9477   584
-Andreas Steffen
+0  -2 11293 10761 10615  6033
-Andreas Steffen
+1  -2  2858 11927  9839  5031
-Andreas Steffen
+-1   4   359  6204  6880  4866
-Andreas Steffen
+-1   0  6279  3716  1209  1677
-Andreas Steffen
+-1   2  1054  5481  3774  3606
-Andreas Steffen
+0   0  4712  8559  7160  6192
-Andreas Steffen
+1   0  6108 11892   260  5014
-Andreas Steffen
+-2   0  7497  2298   580 11947
-Andreas Steffen
+0  -2   763  7812  2847  3167
-Andreas Steffen
+0   0 11981  4945  8923  6657
-Andreas Steffen
+0   0  8100  6595 12018  5346
-Andreas Steffen
+0  -2  5488  1311 11385  5183
-Andreas Steffen
+0   2  1659  5948   912  6562
-Andreas Steffen
+-1   0  8633  6154  9146  9371
-Andreas Steffen
+1   0   590  1897  5342  1577
-Andreas Steffen
+0   0  4566  6636  4267 10810
-Andreas Steffen
+0  -2  8598  3136  1723  8798
-Andreas Steffen
+0   0  2460  1107 10645 10256
-Andreas Steffen
+0   2 11497  3068  5174  2397
-Andreas Steffen
+0   0  2749  4923  7543  2680
-Andreas Steffen
+1   4  2843  7308  7749   107
-Andreas Steffen
+-1   0  9178  8015  8361 10628
-Andreas Steffen
+0   0  8418  1085  7030  1309
-Andreas Steffen
+0   0  6413  6687  6321  9605
-Andreas Steffen
+0   0  7704  9813  2529 12015
-Andreas Steffen
+1   0  4353 11345  5846  7362
-Andreas Steffen
+-2   0   483   493  7176   887
-Andreas Steffen
+0  -2  1964 12124   630 11168
-Andreas Steffen
+0  -2 11626  7968 10413 10000
-Andreas Steffen
+-1  -2  7600  2425  6332  3104
-Andreas Steffen
+0   0  1875 10712  9870  4381
-Andreas Steffen
+-1   2  5301  9244  9938  7693
-Andreas Steffen
+-1   0  8347  1651  4708 10498
-Andreas Steffen
+-1   0  6480  3664  7631  8055
-Andreas Steffen
+1   0 11001  4962  3013  1707
-Andreas Steffen
+-1   0  9167  5049 12060  7976
-Andreas Steffen
+0   0  3871 10432  8889  9207
-Andreas Steffen
+0   2  1900  1335  3063  7210
-Andreas Steffen
+0   0  3446  5082 11819 11075
-Andreas Steffen
+-1   0  9621 12019  8735  5657
-Andreas Steffen
+0   2 10282  5977  5889  6091
-Andreas Steffen
+0  -2  6899 10659 10654  7201
-Andreas Steffen
+0  -2  8828 11918   530 10532
-Andreas Steffen
+0   0  5889  5235  1426  1505
-Andreas Steffen
+0   2 10499 11288  6888 11079
-Andreas Steffen
+0  -2  6758 11300  3460  9527
-Andreas Steffen
+0   2 10492  4626  9496   103
-Andreas Steffen
+1   0  4071  5214  9330  5418
-Andreas Steffen
+0   4  4344  5575  3054  6479
-Andreas Steffen
+0  -2  3367   988  6366 11176
-Andreas Steffen
+-1   0  7382  6520  1529  9724
-Andreas Steffen
+0   0  7638  6486  4438  2460
-Andreas Steffen
+0  -2  1148  9873  8821  1975
-Andreas Steffen
+0   0  6283  5276 11948  5257
-Andreas Steffen
+0   2  2366  6232 10434  9810
-Andreas Steffen
+1   0  3431  2686  4540  2454
-Andreas Steffen
+1   0  4532  5476 11629  4946
-Andreas Steffen
+0   0  5428  8846   483  4258
-Andreas Steffen
+0   4  2795  1320  8114  5350
-Andreas Steffen
+0   2  2510 12017  2768  5050
-Andreas Steffen
+0  -2  2406  2440  2740  6750
-Andreas Steffen
+0   2 10282  1086   809 10400
-Andreas Steffen
+0   0  8477  8393  3405 10159
-Andreas Steffen
+-1   0  7203  5025   387  6339
-Andreas Steffen
+0   0  1510    42  3061  5047
-Andreas Steffen
+1   0  8899  1346  3963  3518
-Andreas Steffen
+0   0  7690  4485  2532  6815
-Andreas Steffen
+0  -2  2210 11591  2890  4503
-Andreas Steffen
+0   0  2367  8826  8001 12127
-Andreas Steffen
+1   2 10596  8314  7863 12185
-Andreas Steffen
+-1  -2  6039 10099  5011  6333
-Andreas Steffen
+-1  -2  7353  8641  6623   965
-Andreas Steffen
+0   0  3054  6816  5283  7438
-Andreas Steffen
+-1   0  9421  5919  7903 11491
-Andreas Steffen
+0   0  5202 11236 11135  6875
-Andreas Steffen
+1   0 10469  3625  5140 11409
-Andreas Steffen
+-1   0  6457  3420  1289  3087
-Andreas Steffen
+0   0  4981  7584  3667  8992
-Andreas Steffen
+0   0  2486  9323  5488  6760
-Andreas Steffen
+0  -2 10800  9052 10347  4450
-Andreas Steffen
+1   0  1546  5976  6208 10283
-Andreas Steffen
+-1   0 10050  8648  5275  3907
-Andreas Steffen
+1   4 10633  8816  8122  7347
-Andreas Steffen
+-1   0  8730  5232 12281  4754
-Andreas Steffen
+1   2  4288  4871  6784 12192
-Andreas Steffen
+1   0  9297  9950  4775  2378
-Andreas Steffen
+1   2  1069   209 11331   995
-Andreas Steffen
+0   0  7851  6881  6175  5523
-Andreas Steffen
+0   0  5388  6671  4672  1421
-Andreas Steffen
+0  -2 10231  5133  2309  5799
-Andreas Steffen
+-1   0   153  9835  5074  5216
-Andreas Steffen
+0   0 11934  2437  7339 11818
-Andreas Steffen
+-1   0  8801  8789    48 11348
-Andreas Steffen
+0   2  6042   987  8243 10106
-Andreas Steffen
+-2   0 10333  2589  4798  6818
-Andreas Steffen
+-1   0  6545  9349  9453  2743
-Andreas Steffen
+-1  -2  4195  9643  9110 11013
-Andreas Steffen
+0  -2  6640   357 11133  9945
-Andreas Steffen
+-1   0 11534  6683 11405    44
-Andreas Steffen
+0   0  7142  5256  9490 10584
-Andreas Steffen
+0   0  7200  2149  3622  9014
-Andreas Steffen
+0   0  7165  7039 10762  7156
-Andreas Steffen
+1   2  8215  7133 10600  1285
-Andreas Steffen
+2  -2 11301 10333  7383   769
-Andreas Steffen
+-1   0  5004 10864  3139  1300
-Andreas Steffen
+1   0 11040  3075 10760 11733
-Andreas Steffen
+0  -2  6614  8230  3156  2279
-Andreas Steffen
+0   0  3877  7182 10115 11440
-Andreas Steffen
+-1   0  2357  2232  4764  2711
-Andreas Steffen
+1  -2  3295  2363  2758  2045
-Andreas Steffen
+0   0  8589   865  2917  2518
-Andreas Steffen
+0   2  2772  2928  3650  6641
-Andreas Steffen
+0   0  5177  2183  7996  8414
-Andreas Steffen
+1  -2  6874  9197  8865  8729
-Andreas Steffen
+-2   0  7827 11526 10909  1548
-Andreas Steffen
+0  -2 11766  8236  6451  5159
-Andreas Steffen
+0   2 10634  8707  6140  7148
-Andreas Steffen
+-1   0   613  1770  4832  8487
-Andreas Steffen
+1   2  4973  1080 10080  8202
-Andreas Steffen
+0   0 11955  4174   873  1699
-Andreas Steffen
+-1  -2 10831   993  6778  8348
-Andreas Steffen
+1   0  5558  5835  7067  4186
-Andreas Steffen
+0  -2  2702  3993  6392  6043
-Andreas Steffen
+-1   0 12069  1685  1987  4574
-Andreas Steffen
+-1  -2 10029  9050  6174 10299
-Andreas Steffen
+-1   0  9883  8157 10233  1321
-Andreas Steffen
+1   2  4512  7252  6080   699
-Andreas Steffen
+0   0  5562   756  5195 11922
-Andreas Steffen
+0   0  3388  2386 11462  7782
-Andreas Steffen
+0   0  8847 11806 10279  2981
-Andreas Steffen
+2   0  4206  9692  7466  3513
-Andreas Steffen
+1   2 10165 11806  9176 10260
-Andreas Steffen
+0   0  1657 11469 12267    30
-Andreas Steffen
+0   0 10457 11636   606   319
-Andreas Steffen
+1   0  2806  9200  7521  1752
-Andreas Steffen
+0   0  1874  5675 11192  6546
-Andreas Steffen
+0   2   874  5094 11842  7809
-Andreas Steffen
+-1   0   760 12102  5115 10093
-Andreas Steffen
+-1   0  1626  4185  9898  2052
-Andreas Steffen
+-1   2 11878  8847  8718 11044
-Andreas Steffen
+-1   0   952  2338  1103 11254
-Andreas Steffen
+1  -2  2558 10638  3234  3355
-Andreas Steffen
+-1   0  8556 11033  5603  1199
-Andreas Steffen
+0   0  5848  7063 11603  6796
-Andreas Steffen
+0   2  7859  2289  1071  7667
-Andreas Steffen
+0   0  7909  7745  9517  9120
-Andreas Steffen
+0   0  7307  3801   992  4019
-Andreas Steffen
+0   2  4268  2937  3718  1290
-Andreas Steffen
+0   0  7878 10639   121 12207
-Andreas Steffen
+0  -2  9470  8437 10821  3280
-Andreas Steffen
+-1   0  8213  9197  7737  8475
-Andreas Steffen
+-1  -2 10700  6041  8143  5205
-Andreas Steffen
+-1   0   344  5879  1943  2793
-Andreas Steffen
+1   0 10325  7270  3760  2198
-Andreas Steffen
+</pre>
-Andreas Steffen
+Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
-Andreas Steffen
+<pre>
-Andreas Steffen
+S1[374] is zero - s1 is not invertible
-Andreas Steffen
+</pre>
-Andreas Steffen
+and another trial run is started.
 Andreas Steffen
-Andreas Steffen
+h2. BLISS Root CA Certificate Generation
 Andreas Steffen
-Andreas Steffen
+A self-signed BLISS CA certificate can be generated with the following command
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem
 Andreas Steffen
-Andreas Steffen
+  file content is not binary ASN.1
-Andreas Steffen
+  -----BEGIN BLISS PRIVATE KEY-----
-Andreas Steffen
+  -----END BLISS PRIVATE KEY-----
 Andreas Steffen
-Andreas Steffen
+L0 - BLISSPrivateKey:
-Andreas Steffen
+L1 - keyType:
-Andreas Steffen
+  'BLISS-B_IV'
-Andreas Steffen
+L1 - public:
-Andreas Steffen
+L1 - secret1:
-Andreas Steffen
+L1 - secret2:
-Andreas Steffen
+L0 - subjectPublicKeyInfo:
-Andreas Steffen
+L1 - algorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'blissPublicKey'
-Andreas Steffen
+L3 - parameters:
-Andreas Steffen
+L4 - blissKeyType:
-Andreas Steffen
+  'BLISS-B_IV'
-Andreas Steffen
+L1 - subjectPublicKey:
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha256 is seeded with 32 octets
-Andreas Steffen
+y1 = -991..766 (sigma2 = 76597, mean = -22.8)
-Andreas Steffen
+y2 = -1036..956 (sigma2 = 84979, mean =  4.5)
-Andreas Steffen
+norm2(s1*c') + norm2(s2*c') = 55310 (69576 max), accepted
-Andreas Steffen
+scalar(z1,s1*c) + scalar(z2,s2*c) = -66103, rejected
 Andreas Steffen
-Andreas Steffen
+mgf1 generated 10464 octets
-Andreas Steffen
+mgf1 based on sha256 is seeded with 32 octets
-Andreas Steffen
+y1 = -732..848 (sigma2 = 71245, mean =  2.6)
-Andreas Steffen
+y2 = -799..651 (sigma2 = 70586, mean = 20.7)
-Andreas Steffen
+norm2(s1*c') + norm2(s2*c') = 57406 (69576 max), accepted
-Andreas Steffen
+scalar(z1,s1*c) + scalar(z2,s2*c) = -35398, accepted
 Andreas Steffen
-Andreas Steffen
+z1 = -734..853, z2d = -3..3
 Andreas Steffen
-Andreas Steffen
+efficiency of Huffman coder is 3.4180 bits/tuple (1750 bits)
-Andreas Steffen
+generated BLISS signature (6709 bits encoded in 839 bytes)
-Andreas Steffen
+signature generation needed 2 rounds
 Andreas Steffen
-Andreas Steffen
+mgf1 generated 10464 octets
-Andreas Steffen
+</pre>
-Andreas Steffen
+With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process often requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
 Andreas Steffen
-Andreas Steffen
+A BLISS certificate can be displayed at any time with
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --debug 2 --in cacert4.pem
 Andreas Steffen
-Andreas Steffen
+L0 - x509:
-Andreas Steffen
+L1 - tbsCertificate:
-Andreas Steffen
+L2 - DEFAULT v1:
-Andreas Steffen
+L3 - version:
-Andreas Steffen
+  X.509v3
-Andreas Steffen
+L2 - serialNumber:
-Andreas Steffen
+L2 - signature:
-Andreas Steffen
+L3 - algorithmIdentifier:
-Andreas Steffen
+L4 - algorithm:
-Andreas Steffen
+  'BLISS-with-SHA512'
-Andreas Steffen
+L2 - issuer:
-Andreas Steffen
+  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
-Andreas Steffen
+L2 - validity:
-Andreas Steffen
+L3 - notBefore:
-Andreas Steffen
+L4 - utcTime:
-Andreas Steffen
+  'Mar 15 16:58:01 UTC 2015'
-Andreas Steffen
+L3 - notAfter:
-Andreas Steffen
+L4 - utcTime:
-Andreas Steffen
+  'Mar 15 16:58:01 UTC 2025'
-Andreas Steffen
+L2 - subject:
-Andreas Steffen
+  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
-Andreas Steffen
+L2 - subjectPublicKeyInfo:
-Andreas Steffen
+-- > --
-Andreas Steffen
+L0 - subjectPublicKeyInfo:
-Andreas Steffen
+L1 - algorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'blissPublicKey'
-Andreas Steffen
+L3 - parameters:
-Andreas Steffen
+L0 - subjectPublicKeyInfo:
-Andreas Steffen
+L1 - algorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'blissPublicKey'
-Andreas Steffen
+L3 - parameters:
-Andreas Steffen
+L4 - blissKeyType:
-Andreas Steffen
+  'BLISS-B_IV'
-Andreas Steffen
+L1 - subjectPublicKey:
-Andreas Steffen
+-- < --
-Andreas Steffen
+L2 - optional extensions:
-Andreas Steffen
+L3 - extensions:
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'basicConstraints'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L6 - basicConstraints:
-Andreas Steffen
+L7 - CA:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'keyUsage'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'subjectKeyIdentifier'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  FALSE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L6 - keyIdentifier:
-Andreas Steffen
+L1 - signatureAlgorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'BLISS-with-SHA512'
-Andreas Steffen
+L1 - signatureValue:
 Andreas Steffen
-Andreas Steffen
+z1 = -734..853, z2d = -3..3
 Andreas Steffen
-Andreas Steffen
+cert:      X509
-Andreas Steffen
+subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+validity:  not before Mar 15 17:58:01 2015, ok
-Andreas Steffen
+           not after  Mar 15 17:58:01 2025, ok (expires in 3652 days)
-Andreas Steffen
+serial:    55:9c:dd:7d:32:89:99:a8
-Andreas Steffen
+flags:     CA CRLSign self-signed
-Andreas Steffen
+subjkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
-Andreas Steffen
+pubkey:    BLISS 192 bits strength
-Andreas Steffen
+keyid:     1c:a7:5c:94:d1:ee:f6:c7:94:21:18:e5:ef:89:b3:c3:64:42:24:97
-Andreas Steffen
+subjkey:   47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. BLISS End Entity Certificate Generation
 Andreas Steffen
-Andreas Steffen
+We are now going to generate a BLISS-I key pair for user Carol:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 1 > carolKey.der
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 1 trial
-Andreas Steffen
+</pre>
-Andreas Steffen
+Next we create a self-signed PKCS#10 certificate request
-Andreas Steffen
+<pre>
-Andreas Steffen
+ pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
-Andreas Steffen
+</pre>
-Andreas Steffen
+which is used as the input for the CA to create a signed end entity certificate:
-Andreas Steffen
+<pre>
-Andreas Steffen
+ pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
-Andreas Steffen
+</pre>
-Andreas Steffen
+and which has the following content
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --in carolCert.der
 Andreas Steffen
-Andreas Steffen
+cert:      X509
-Andreas Steffen
+subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
-Andreas Steffen
+issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+validity:  not before Mar 15 18:04:00 2015, ok
-Andreas Steffen
+           not after  Mar 14 18:04:00 2018, ok (expires in 1094 days)
-Andreas Steffen
+serial:    43:63:44:f0:7f:2f:aa:dc
-Andreas Steffen
+altNames:  carol@strongswan.org
-Andreas Steffen
+flags:     clientAuth
-Andreas Steffen
+CRL URIs:  http://crl.strongswan.org/bliss.crl
-Andreas Steffen
+authkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
-Andreas Steffen
+subjkeyId: cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
-Andreas Steffen
+pubkey:    BLISS 128 bits strength
-Andreas Steffen
+keyid:     f5:0e:6e:0c:4c:65:ac:03:41:bf:5c:9f:26:d5:52:dc:87:6b:3d:15
-Andreas Steffen
+subjkey:   cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. IKEv2 Public Key Authentication using BLISS Signatures
 Andreas Steffen
-Andreas Steffen
+The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
 Andreas Steffen
-Andreas Steffen
+IKE_AUTH Request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[IKE] establishing CHILD_SA home
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+IKE_AUTH Response
-Andreas Steffen
+<pre>
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[ENC] received fragment #1 of 3, waiting for complete IKE message
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 14[ENC] received fragment #2 of 3, waiting for complete IKE message
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (580 bytes)
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   crl is valid: until Apr 14 11:08:14 2015
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG] certificate status is good
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS_WITH_SHA512 successful
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
-Andreas Steffen
+</pre>
-Andreas Steffen
+BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
 Andreas Steffen
-Andreas Steffen
+IKE_SA_INIT Request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) V ]
-Andreas Steffen
+Mar 15 12:18:03 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (829 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Design Details on BLISS Signatures
 Andreas Steffen
-Andreas Steffen
+* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
 Andreas Steffen
-Andreas Steffen
+* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
 Andreas Steffen
-Andreas Steffen
+* Measured BLISS Signature Size*
 Andreas Steffen
-Andreas Steffen
+  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
-Andreas Steffen
+  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
-Andreas Steffen
+  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
-Andreas Steffen
+  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
 Andreas Steffen
-Andreas Steffen
+  *statistics based on a measurement set of 50 signatures, each
 Andreas Steffen
-Andreas Steffen
+h2. ASN.1 Syntax
 Andreas Steffen
-Andreas Steffen
+h3. Object Identifiers
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
 Andreas Steffen
-Andreas Steffen
+keyType { id-bliss 1 }
 Andreas Steffen
-Andreas Steffen
+blissPublicKey { keyType 1 }
 Andreas Steffen
-Andreas Steffen
+parameters { id-bliss 2 }
 Andreas Steffen
-Andreas Steffen
+bliss-I     = { parameters 1 }
-Andreas Steffen
+bliss-II    = { parameters 2 }
-Andreas Steffen
+bliss-III   = { parameters 3 }
-Andreas Steffen
+bliss-IV    = { parameters 4 }
-Andreas Steffen
+bliss-B-I   = { parameters 5 }
-Andreas Steffen
+bliss-B-II  = { parameters 6 }
-Andreas Steffen
+bliss-B-III = { parameters 7 }
-Andreas Steffen
+bliss-B-IV  = { parameters 8 }
 Andreas Steffen
-Andreas Steffen
+blissSigType = { id-bliss 3 }
 Andreas Steffen
-Andreas Steffen
+blissWithSha512 = { blissSigType 1 }
-Andreas Steffen
+blissWithSha384 = { blissSigType 2 }
-Andreas Steffen
+blissWithSha256 = { blissSigType 3 }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. BLISS Private Key
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+BlissPrivateKey  ::= SEQUENCE {
-Andreas Steffen
+    parameter OBJECT IDENTIFIER,
-Andreas Steffen
+    public    BIT STRING, -- A
-Andreas Steffen
+    secret1   BIT STRING, -- s1
-Andreas Steffen
+    secret2   BIT STRING  -- s2 }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+As *parameter* one of the BLISS parameters OIDs *bliss-B-I* .. *bliss-B-IV* is used.
 Andreas Steffen
-Andreas Steffen
+h3. BLISS Public Key
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
-Andreas Steffen
+    algorithm         AlgorithmIdentifier,
-Andreas Steffen
+    subjectPublicKey  BIT STRING  }
 Andreas Steffen
-Andreas Steffen
+AlgorithmIdentifier  ::=  SEQUENCE  {
-Andreas Steffen
+    algorithm         OBJECT IDENTIFIER,
-Andreas Steffen
+    parameters        OBJECT IDENTIFER }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *bliss-B-I* .. *bliss-B-IV*.
 Andreas Steffen
-Andreas Steffen
+h2. References
 Andreas Steffen
-Andreas Steffen
+* "BLISS Home":http://bliss.di.ens.fr/ at ENS (École Normale Supérieure)
 Andreas Steffen
-Andreas Steffen
+* "Practical Lattice-based Digital Signature Schemes":http://csrc.nist.gov/groups/ST/post-quantum-2015/presentations/session9-oneill-maire.pdf, NIST Workshop on Cybersecurity in a Post-Quantum World
 Andreas Steffen

Project

General

Profile

strongSwan

Bimodal Lattice Signature Scheme (BLISS) » History » Version 47