Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 50

Andreas Steffen, 28.07.2015 12:18

1 1 Andreas Steffen
h1. Bimodal Lattice Signature Scheme (BLISS)
2 1 Andreas Steffen
3 16 Andreas Steffen
{{>toc}}
4 16 Andreas Steffen
5 38 Andreas Steffen
BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool. With strongSwan [[5.3.0]] we are upgrading to the improved BLISS-B signature algorithm described in "Accelerating Bliss: the Geometry of Ternary Polynomials":https://eprint.iacr.org/2014/874.pdf by Léo Ducas. This HOWTO is based on the new BLISS-B default scheme. It is possible though to revert to the old BLISS behaviour by setting
6 38 Andreas Steffen
<pre>
7 38 Andreas Steffen
libstrongswan {
8 38 Andreas Steffen
  plugins {
9 38 Andreas Steffen
    bliss {
10 38 Andreas Steffen
      use_bliss_b = no
11 38 Andreas Steffen
    }
12 38 Andreas Steffen
  }
13 38 Andreas Steffen
}
14 38 Andreas Steffen
</pre>
15 40 Andreas Steffen
in strongswan.conf, although we don't see any advantage whatever for doing this.
16 1 Andreas Steffen
17 17 Andreas Steffen
This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
18 7 Andreas Steffen
19 18 Andreas Steffen
h2. Building strongSwan with BLISS Support
20 18 Andreas Steffen
21 18 Andreas Steffen
If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
22 18 Andreas Steffen
<pre>
23 47 Andreas Steffen
wget http://download.strongswan.org/strongswan-5.3.0.tar.bz2
24 47 Andreas Steffen
tar xjf strongswan-5.3.0.tar.bz2
25 47 Andreas Steffen
cd strongswan-5.3.0
26 18 Andreas Steffen
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
27 18 Andreas Steffen
make
28 18 Andreas Steffen
sudo make install
29 18 Andreas Steffen
</pre>
30 18 Andreas Steffen
31 1 Andreas Steffen
h2. BLISS Private Key Generation
32 1 Andreas Steffen
33 41 Andreas Steffen
strongSwan currently supports the BLISS-B-I, BLISS-B-III, and BLISS-B_IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS-B-I key can be generated as follows:
34 1 Andreas Steffen
<pre>
35 13 Andreas Steffen
pki --gen --type bliss --size 1 --debug 2 > cakey1.der
36 1 Andreas Steffen
37 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
38 1 Andreas Steffen
mgf1 generated 240 octets
39 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
40 1 Andreas Steffen
mgf1 generated 240 octets
41 41 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 44024
42 1 Andreas Steffen
43 41 Andreas Steffen
secret key generation succeeded after 1 trial
44 1 Andreas Steffen
</pre>
45 41 Andreas Steffen
With the command
46 1 Andreas Steffen
<pre>
47 1 Andreas Steffen
pki --print --type bliss-priv --in cakey1.der
48 13 Andreas Steffen
49 1 Andreas Steffen
private key with:
50 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
51 41 Andreas Steffen
keyid:     66:5d:b6:ae:85:b6:32:1b:9a:7e:2c:ed:c7:6a:4d:68:f0:3a:ec:77
52 41 Andreas Steffen
subjkey:   50:c5:a5:b0:21:e2:a8:13:12:ba:7c:87:f3:3f:ab:90:ad:2c:4d:c2
53 1 Andreas Steffen
</pre>
54 1 Andreas Steffen
information on the BLISS private key is displayed.
55 1 Andreas Steffen
56 41 Andreas Steffen
Let's now generate a BLISS-B-IV key with 192 bit cryptographic strength in base64-encoded PEM format
57 1 Andreas Steffen
<pre>
58 1 Andreas Steffen
pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
59 41 Andreas Steffen
secret key generation succeeded after 1 trial
60 1 Andreas Steffen
</pre>
61 1 Andreas Steffen
The PEM key format is printable
62 1 Andreas Steffen
<pre>
63 1 Andreas Steffen
cat cakey4.pem
64 1 Andreas Steffen
65 1 Andreas Steffen
-----BEGIN BLISS PRIVATE KEY-----
66 41 Andreas Steffen
MIIFGgYLKwYBBAGCoCoFAggDggOBAFPFQxsmKwFTjeebvilsNgguxG6vs6EWIyWi
67 41 Andreas Steffen
RUkzxZ3BZVy2Oya/9jkMO4O5W/TM5C5vKf0ADlu4fVzU2drT9YA6LzeJIhlWmHu0
68 41 Andreas Steffen
ISD9s3Q6pf5NxpvKKFiqjA8ePHFk2iIJQ+DbA9VCtYzM0BOz11+blrl4zOeHp2Am
69 41 Andreas Steffen
lmkQwW1OTYejkOBEdGFFuwpVbLXL0XTj4KPZB9icIU48VVh2fS/fOjSRyVhruzVO
70 41 Andreas Steffen
6QQtHeCE6p0HLQCpYsw4i93KaYyoS9tDK5Ia/TGWcpp9Sih4k60iJAEusftoijJl
71 41 Andreas Steffen
hq41uiUgVd7vpeaWBoMurUODR4aYMiNF2eCGuPTC+76hpZ4h91TmZ7ASuoATl57E
72 41 Andreas Steffen
XN3wY61OuLW+CiTlHZsfddmTRyWbtp5t0Ckk2RaoEsCvU/22csb3Z4CkASoJawVB
73 41 Andreas Steffen
i6VeQPtTr9cfUDb4mhSOv7LRZmjkkqyl5FduVOw3BePVZGqHZLrLdZ1AAbAtoel9
74 41 Andreas Steffen
FYZ/EBEbQpGVEEWwm98tsFeIp2JWUCA9bOdzlOsoJ6mmgz9fKXDQBsv+DeOSkXNo
75 41 Andreas Steffen
yKJ0EnXh6J5iPG6gtvoRVwGLfL0Yqcl7nkB5UUGWdQC2PNKZEAW2zVg5Wx4ALtgI
76 41 Andreas Steffen
qKhqyH5S29X4LoCqut6TuU8PYjKMlr9G8pK5kfXx3/A1/iD15m5esYBRmkddMRsK
77 41 Andreas Steffen
w3XdASNeHOeVfFU6FgKe+hYQhCTBgZGN3CFRtRhWbV7NES2DRkxiIgFWYrfRgLt/
78 41 Andreas Steffen
pobwJcL4VqwQQiSD83isZaHNRKJ+WttYKpQmTQk/ycYpD1DJ98Kw1LeyfTXxvtv8
79 41 Andreas Steffen
prSQekPNXHeyN8fXDgZmpLIBdOyutO5uelVV/ovsLGtmSQehXXvLj9IoETxtsnYj
80 41 Andreas Steffen
XpQU86hCaOl8ZLaASUhrqqBe0nQYB5Utr7P7YaxrfYYoiCEZZrLR9oIWNHYMiev2
81 41 Andreas Steffen
FCkQie3mrOb9K5AJo3DnfyumrNjOxq2a8N9WHRaDGrKT+l3gVJysxebExLNJsOHU
82 41 Andreas Steffen
89DZcnA3ulxmxoMdH/KzGMd9bjCIf0xNltRhULrBoShlhBElqK8znFHWhGmdbWhe
83 41 Andreas Steffen
0C3kKzApp5MebesGOdUT/U/ylUKPyINd90cqQESjHe+WibikN4WCcihiBRzvexQG
84 41 Andreas Steffen
klrkgqhAxL9ZX4SFWtzLsiSIpmWJUaY72vwo2TuA5un+Xq3yi7YtBggaRjg86Yiv
85 41 Andreas Steffen
tDsRFpMAA4HBAByACgOQOAOCBz0AD+AT+QCQB+OgPx/wAOP+QQAeeAR+AAAFwACO
86 41 Andreas Steffen
CAAByOgAQOBz+AAPyNwCRwAD+h+QCPxyATx+QPxyACATweCRzwAACQAPyCQOOeQA
87 41 Andreas Steffen
OOOgPyCQAieCQARigBxwB9geMPxwCRiDxgVwEEAAOAB+eP+CMCR+OCgCMRwPwB+A
88 41 Andreas Steffen
RwAhwQBzhyRzyBx+QQCACEAfyOPwP/ifiDwSAhwCDyCCAQSAfhwMAeQBwSAACAAD
89 41 Andreas Steffen
+CCeOUACeCASAAOBwQAAYAf/oEc8A8fkgAAfgEEHkEADfgn4AAAjk8gcAEEADgDo
90 41 Andreas Steffen
ccEg/fj8EkAcfkAEEgAo4EADnEIcnnjgEgAnkcEnggEcbgDhAAcdAcEAAAgA8AEk
91 41 Andreas Steffen
8rgAjkdAAAHgAgdckAEIADBfgAA4HgYgD8EjgDkAcAEgEHn/8AA8gHgA8cEEcAAk
92 41 Andreas Steffen
fgggAf84AAAgBEj8jlD8AEcoADjgc/gDkgAk/gAdAg8A78ADAEgYgg8gEbngkc8/
93 41 Andreas Steffen
ggAnkjhcHggAkEgj8Ak=
94 3 Andreas Steffen
-----END BLISS PRIVATE KEY-----
95 3 Andreas Steffen
</pre>
96 42 Andreas Steffen
At last let's generate a BLISS-B-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
97 3 Andreas Steffen
<pre>
98 3 Andreas Steffen
pki --gen --type bliss --size 3 --debug 4 > cakey3.der
99 3 Andreas Steffen
100 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
101 1 Andreas Steffen
mgf1 generated 380 octets
102 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
103 41 Andreas Steffen
mgf1 generated 420 octets
104 41 Andreas Steffen
l2 norm of s1||s2: 1397, Nk(S): 134554
105 13 Andreas Steffen
106 41 Andreas Steffen
S1[374] is zero - s1 is not invertible
107 41 Andreas Steffen
108 41 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
109 41 Andreas Steffen
mgf1 generated 400 octets
110 41 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
111 41 Andreas Steffen
mgf1 generated 400 octets
112 41 Andreas Steffen
l2 norm of s1||s2: 1397, Nk(S): 150444
113 41 Andreas Steffen
114 41 Andreas Steffen
secret key generation succeeded after 2 trials
115 41 Andreas Steffen
116 3 Andreas Steffen
   i   f   g     a     F     G     A
117 41 Andreas Steffen
   0   0  -1 11349  7348  7670  2988
118 41 Andreas Steffen
   1   1   0  7974  3185  4952 11025
119 41 Andreas Steffen
   2   0  -2  8985  2527  9470  4541
120 41 Andreas Steffen
   3   1  -2  7381 10610 11589  2467
121 41 Andreas Steffen
   4   0   0    24  6142  3407  1095
122 41 Andreas Steffen
   5   0   0   660  5787  7097  4552
123 41 Andreas Steffen
   6  -2   0  7663   996  8919   120
124 41 Andreas Steffen
   7   0   0 11446  2979  5879  5439
125 41 Andreas Steffen
   8   0   0 10761  9288  6406 11689
126 41 Andreas Steffen
   9   1   2 10655  5145  9566 11720
127 41 Andreas Steffen
  10  -1  -2  2239 12023  2977   497
128 41 Andreas Steffen
  11   1  -2  8056  9625   769  1665
129 41 Andreas Steffen
  12  -1   0 12073 10413  8267  7745
130 41 Andreas Steffen
  13   0   0 10423  7043  8384   659
131 41 Andreas Steffen
  14  -1   0  2927  4462  1895  3870
132 41 Andreas Steffen
  15   0  -2  8350 10004  5363  2321
133 41 Andreas Steffen
  16   0   0  8719  8405  9805  4329
134 41 Andreas Steffen
  17   0   0   126    16 11765  9184
135 41 Andreas Steffen
  18   1   0 11077  7415 10462 12186
136 41 Andreas Steffen
  19   0   0 10321 10888  9001  9002
137 41 Andreas Steffen
  20   0   0 11406 12197  2320  2112
138 41 Andreas Steffen
  21  -1   0  2382  8071 11316  6203
139 41 Andreas Steffen
  22   0   0 11952  2522  7713  2532
140 41 Andreas Steffen
  23  -1   0  3121  3838  1919  6145
141 41 Andreas Steffen
  24   0   2  3530  7422  3780  6905
142 41 Andreas Steffen
  25  -1   0  1229  3845  2506  2337
143 41 Andreas Steffen
  26  -1   2  1278   246 10767  6488
144 41 Andreas Steffen
  27   0   0  1031  8302  2463 11225
145 41 Andreas Steffen
  28   0  -2  6091 11836  4336  2866
146 41 Andreas Steffen
  29   0   0  9763 11818  1023  5477
147 41 Andreas Steffen
  30   1   0  3533 11202 11192   815
148 41 Andreas Steffen
  31  -2   0  2485  9375  1396  1096
149 41 Andreas Steffen
  32   0   2  7774  9256 11751  4761
150 41 Andreas Steffen
  33   1  -2  5705   105  8018  5109
151 41 Andreas Steffen
  34   1  -2  1310  1037 11693  6138
152 41 Andreas Steffen
  35   0   2  3963 11119  7278  9888
153 41 Andreas Steffen
  36  -1   0  2664   716  7917  2946
154 41 Andreas Steffen
  37   0  -2  2310  7971 11642 12218
155 41 Andreas Steffen
  38   0   0  9219 11411  7807  8627
156 41 Andreas Steffen
  39   0   0  5358  9175 10240  7187
157 41 Andreas Steffen
  40   0   0  9739 11874 10139 11850
158 41 Andreas Steffen
  41   1   2  8814 10927 12043   325
159 41 Andreas Steffen
  42   0   0  7933 11743  3920  9761
160 41 Andreas Steffen
  43  -2   0   251  6664  6850  4969
161 41 Andreas Steffen
  44   0   0  3754  5561  1275  4389
162 41 Andreas Steffen
  45   0   0  4863  4628 11852  5770
163 41 Andreas Steffen
  46   0   0  9053  8612  8420  4162
164 41 Andreas Steffen
  47   0  -2  7268  6093  2250 12126
165 41 Andreas Steffen
  48  -1   0  3867  7439 10172 11395
166 41 Andreas Steffen
  49   0   0  1877  8716  2985  4663
167 41 Andreas Steffen
  50   0   2  4520   140  3538  6872
168 41 Andreas Steffen
  51  -1  -2 12012  7676  9229  8965
169 41 Andreas Steffen
  52   1   0 11243  1199  5329  3192
170 41 Andreas Steffen
  53   0   0  3816  4823  4210  2768
171 41 Andreas Steffen
  54   0   0 11185  7269 11376 10485
172 41 Andreas Steffen
  55   0  -2   368  6947  8326  6955
173 41 Andreas Steffen
  56   0   0 12276 11097  9506  5786
174 41 Andreas Steffen
  57   0   0  1482  7994  2714 10832
175 41 Andreas Steffen
  58   0   0  8790  4355  2509  5980
176 41 Andreas Steffen
  59   0   0  2592  5059 10875 12262
177 41 Andreas Steffen
  60   1   2   741  7578  6721  5847
178 41 Andreas Steffen
  61  -1   0  5401  2769  1664  5597
179 41 Andreas Steffen
  62  -1  -2  3498  3562  8160  1127
180 41 Andreas Steffen
  63   0   4  9783  9751  4934   153
181 41 Andreas Steffen
  64   1   2   562 10232  3792  2585
182 41 Andreas Steffen
  65   0   2  5623  3669   816  8702
183 41 Andreas Steffen
  66   0   0  6817  2897  3255   595
184 41 Andreas Steffen
  67   0   2  4920  4356  5602  2309
185 41 Andreas Steffen
  68   1   2  1443  8246  1837  9328
186 41 Andreas Steffen
  69  -1   2  8830  8527 10087 11388
187 41 Andreas Steffen
  70   1   2  8318   386  8777 10115
188 41 Andreas Steffen
  71   0   0  4835  3976  8200  6604
189 41 Andreas Steffen
  72   0   0 12193  2774  9810  4345
190 41 Andreas Steffen
  73   0  -2  5217  4530  5891  2120
191 41 Andreas Steffen
  74   0  -2  2158  1444  8147  8082
192 41 Andreas Steffen
  75   0   0  6172  6249  9683  3797
193 41 Andreas Steffen
  76   0  -2  3351  2755  4435 10774
194 41 Andreas Steffen
  77   0   0  1795  5593  7010  2249
195 41 Andreas Steffen
  78   0   0  6378  6529  2449  3586
196 41 Andreas Steffen
  79   1   0  3282  8543  8791  6877
197 41 Andreas Steffen
  80   0   0  5941  2515  3404  2122
198 41 Andreas Steffen
  81   0   0  9619   226  4829   402
199 41 Andreas Steffen
  82   0   0  3819  1636  3669  5343
200 41 Andreas Steffen
  83   0   0 10054 10341  5815  9832
201 41 Andreas Steffen
  84  -1  -2  5846  1459  6451  1689
202 41 Andreas Steffen
  85   0   0  7204  2539  4867  2209
203 41 Andreas Steffen
  86   0   0  5750  2023   198  8863
204 41 Andreas Steffen
  87  -1   2  6261  5977 12147   331
205 41 Andreas Steffen
  88   0   0  3021  2021  2604  1412
206 41 Andreas Steffen
  89   0   2  7572  3901  5291 12199
207 41 Andreas Steffen
  90   1  -2  3971 10971  5040  6150
208 41 Andreas Steffen
  91  -1   0  3481  7683  7127  5588
209 41 Andreas Steffen
  92   0   0  3473 10868  6948 11869
210 41 Andreas Steffen
  93   0   2  6995   549  8855  4202
211 41 Andreas Steffen
  94   0   0  7016  7421  1258  1782
212 41 Andreas Steffen
  95   1   2 12142  5614 12132  5085
213 41 Andreas Steffen
  96   1   0   297 11408 10263  5819
214 41 Andreas Steffen
  97   1  -2  4317   569  1661  4560
215 41 Andreas Steffen
  98   0   2 11899  8600  5015  2094
216 41 Andreas Steffen
  99   1   0  5837   554  9502  5474
217 41 Andreas Steffen
 100  -1  -2  3375  3281  8625  7400
218 41 Andreas Steffen
 101   1   0  6925   720  9235 10339
219 41 Andreas Steffen
 102   0  -2 11463 11460  3152  8935
220 41 Andreas Steffen
 103  -1  -2   996  3541  9592  4202
221 41 Andreas Steffen
 104   0  -2  2977  4667  4746  6684
222 41 Andreas Steffen
 105   0   2  3324 10226  9780  6935
223 41 Andreas Steffen
 106  -1   2 12127 10743 12252  3426
224 41 Andreas Steffen
 107   0  -2  9795 10231  6839  4720
225 41 Andreas Steffen
 108   0  -2  2889  3500  3258 10106
226 41 Andreas Steffen
 109  -1   4  8087  6380  5416  6311
227 41 Andreas Steffen
 110   1  -2 10557  3805  1796  5365
228 41 Andreas Steffen
 111   1   2  5909 10540  3107  6083
229 41 Andreas Steffen
 112   0   0 10442  3605  1555  2523
230 41 Andreas Steffen
 113   0   2  4226  1933  5029  6252
231 41 Andreas Steffen
 114  -1   2  5275    89  7465  3812
232 41 Andreas Steffen
 115  -1   0  6815 10334   200 11126
233 41 Andreas Steffen
 116   1   2  8730  6104  4971  2153
234 41 Andreas Steffen
 117  -1  -2 11235 12105  8587   688
235 41 Andreas Steffen
 118   0  -2  1258  4392   665  3646
236 41 Andreas Steffen
 119   0   0  2480  3460  8326  2652
237 41 Andreas Steffen
 120   1   0  1216 12123  2535   651
238 41 Andreas Steffen
 121   0   2   857  2091   562  1352
239 41 Andreas Steffen
 122   0  -2  3169  4464  2919  6236
240 41 Andreas Steffen
 123   1   0 10107  2680  1350  8667
241 41 Andreas Steffen
 124   0  -4 10308  2108  9352   704
242 41 Andreas Steffen
 125   1   2   878 11994  2136  3492
243 41 Andreas Steffen
 126   0  -2  3800  8913  4121  2070
244 41 Andreas Steffen
 127  -1   0  2443 12112  7839   164
245 41 Andreas Steffen
 128   0  -2 11654  9227  7360  9710
246 41 Andreas Steffen
 129   0   2 11660 11240 10772  2157
247 41 Andreas Steffen
 130   1   0 11564   268 12057  4768
248 41 Andreas Steffen
 131   0   2  8890 10527 10742  1333
249 41 Andreas Steffen
 132  -1  -2  9912 11312  4630  8146
250 41 Andreas Steffen
 133  -1   0 11456  6000  2141  4365
251 41 Andreas Steffen
 134   2   0  7960  7033  8674  7036
252 41 Andreas Steffen
 135  -1   0  8533  2433  6170 11842
253 41 Andreas Steffen
 136   1  -2  1397  9385  6566  9096
254 41 Andreas Steffen
 137   0   0  3543 10922  5370    59
255 41 Andreas Steffen
 138   0   2   691  8292  8171  7134
256 41 Andreas Steffen
 139   0   0  2713  3104  9141  2707
257 41 Andreas Steffen
 140   0  -4  1268  2361  6871   513
258 41 Andreas Steffen
 141   1   2 11076  6984  2153   815
259 41 Andreas Steffen
 142   0   0 11657  3591  7098  2661
260 41 Andreas Steffen
 143   1   2  2834  4083  3018  1617
261 41 Andreas Steffen
 144   0   0  8185  6619   366  9415
262 41 Andreas Steffen
 145  -1  -2  1494 11839  6863   449
263 41 Andreas Steffen
 146   0  -2  1832 10258  7230  3046
264 41 Andreas Steffen
 147   0   0 10931   383  4893 12013
265 41 Andreas Steffen
 148   0  -4  8238  6439  4367  1371
266 41 Andreas Steffen
 149   0   2  8006  2974 11322   260
267 41 Andreas Steffen
 150   0   0  3541  8377  6324  2901
268 41 Andreas Steffen
 151   0  -2   687   330  6124  7243
269 41 Andreas Steffen
 152   0  -2  5192 10152  4457 10671
270 41 Andreas Steffen
 153   0   0  8674  3299  1218   317
271 41 Andreas Steffen
 154  -1  -2  1498    19  1224  1358
272 41 Andreas Steffen
 155   1   0   472  2029  5208 12231
273 41 Andreas Steffen
 156   1   2 11731  6425  7592  7694
274 41 Andreas Steffen
 157   0   2  2261  2600 10784  4466
275 41 Andreas Steffen
 158   0  -2  1898 10580  1586  6744
276 41 Andreas Steffen
 159   0  -2  2031  4303  4379  9674
277 41 Andreas Steffen
 160   0   2  8153  5295  3898  8827
278 41 Andreas Steffen
 161   0   2  2277  6730 11103  7512
279 41 Andreas Steffen
 162   0   0  7728  5951  8617  5449
280 41 Andreas Steffen
 163  -1   0  3329  9973  2756  3798
281 41 Andreas Steffen
 164   0   4  4018  4540   262  7747
282 41 Andreas Steffen
 165   2  -2 10665  6550   101  8895
283 41 Andreas Steffen
 166   0  -2   312  5809  4027  6453
284 41 Andreas Steffen
 167   0   0  3681 11662  4601  3795
285 41 Andreas Steffen
 168   0   0   500  5083  3045 10237
286 41 Andreas Steffen
 169  -1  -2  8154  3232 10955  7992
287 41 Andreas Steffen
 170   0   0 11548  6348  5285 12164
288 41 Andreas Steffen
 171   1   0  6451    22   780  3387
289 41 Andreas Steffen
 172   1   0  5800  5147 11929  9887
290 41 Andreas Steffen
 173   1  -2  8134 11119  9744  1000
291 41 Andreas Steffen
 174   0   0  5101  7573  9100   415
292 41 Andreas Steffen
 175   1   0  9541  6816  2627  7553
293 41 Andreas Steffen
 176   1  -2 10032  6407  7662  3751
294 41 Andreas Steffen
 177  -1   2  8100  1861  3525 10574
295 41 Andreas Steffen
 178   0  -2 10999  5885  8924  7590
296 41 Andreas Steffen
 179  -1   0 11795 11656  5412 11931
297 41 Andreas Steffen
 180   0   0  1342  2873  8302  5833
298 41 Andreas Steffen
 181   0   0  8856 10345  7649  3593
299 41 Andreas Steffen
 182   0   0  7741  1590  4966 10870
300 41 Andreas Steffen
 183   0  -2  3478  2035 10096    11
301 41 Andreas Steffen
 184   1   0  8425  2564  3099  9055
302 41 Andreas Steffen
 185   1   0  4004  5338  6973 11648
303 41 Andreas Steffen
 186   0   0  4081   397  5788  3141
304 41 Andreas Steffen
 187   1  -2  6047  6044  3975  7664
305 41 Andreas Steffen
 188   0   2   975  9088  8057  9530
306 41 Andreas Steffen
 189  -1  -2  3775  8502  1657  2826
307 41 Andreas Steffen
 190   0   0    72  5348 10522  5788
308 41 Andreas Steffen
 191  -1   2  9402  7182 10043 10824
309 41 Andreas Steffen
 192  -2  -2  8696  2259   176   642
310 41 Andreas Steffen
 193   1   0  3219 10202    91  8120
311 41 Andreas Steffen
 194   0   0  7399  8460  5181  3038
312 41 Andreas Steffen
 195   1   0 10700  3012  2362  4856
313 41 Andreas Steffen
 196   1   0  4992 11439 10921   551
314 41 Andreas Steffen
 197   0   0  5563  1953  8425   923
315 41 Andreas Steffen
 198   0  -2  6322  5002 10435  5611
316 41 Andreas Steffen
 199  -1   2  5331  3700  5755  6993
317 41 Andreas Steffen
 200   0   2  5020  6081  4634  8539
318 41 Andreas Steffen
 201   0  -2  1731  4572  2581  9642
319 41 Andreas Steffen
 202   0   2 11300 11624  8550  8765
320 41 Andreas Steffen
 203   0   0  2415  4285   437  5756
321 41 Andreas Steffen
 204   0   0  1692  2723  3419  8567
322 41 Andreas Steffen
 205  -1   2 11041  8154   463  1789
323 41 Andreas Steffen
 206   0   0   229   879   660  9941
324 41 Andreas Steffen
 207   0   0 10044  8647  6406 10013
325 41 Andreas Steffen
 208   0  -2  5036 10770  3797  9730
326 41 Andreas Steffen
 209   0   2   128   719  6480  5034
327 41 Andreas Steffen
 210  -1   0  1769 10401  2634  1730
328 41 Andreas Steffen
 211  -1   0  7590  6692 10502  6910
329 41 Andreas Steffen
 212   0   0  9672  8222  8598  1131
330 41 Andreas Steffen
 213   1   0  3125  9161  4272  2293
331 41 Andreas Steffen
 214   1   0  6486  6086 10033  4450
332 41 Andreas Steffen
 215   0   2  4166 11350  4036 10531
333 41 Andreas Steffen
 216   1   0 10082 11068 11523  7992
334 41 Andreas Steffen
 217   0   2  7985  9711  4620  1352
335 41 Andreas Steffen
 218   0  -2  4946    35   768  6342
336 41 Andreas Steffen
 219   2   0  9774  8732  5103  7354
337 41 Andreas Steffen
 220  -1   0  3980  4302   175 11772
338 41 Andreas Steffen
 221  -1   0  3136 10258  9525  3299
339 41 Andreas Steffen
 222   1   0 10184 11483  7139  6837
340 41 Andreas Steffen
 223   0   2  7193  5495  9627  3249
341 41 Andreas Steffen
 224   0   2  4553 10654  1257  8703
342 41 Andreas Steffen
 225   0   2  7386  1794  2317  7187
343 41 Andreas Steffen
 226  -1   2   307 11685   515  5106
344 41 Andreas Steffen
 227  -2  -2  7122  9559  7718 11755
345 41 Andreas Steffen
 228  -1   2  3466  4578   320  9143
346 41 Andreas Steffen
 229   0   0  5051 11084  5008  1495
347 41 Andreas Steffen
 230   0   2 10973  1782  6396   707
348 41 Andreas Steffen
 231   1   0  1035  6457  5457  9829
349 41 Andreas Steffen
 232   1   2  4754  1143  5864  6112
350 41 Andreas Steffen
 233   0   2  5311  9348  7515  8484
351 41 Andreas Steffen
 234   0   2  3745 10143  2071  5422
352 41 Andreas Steffen
 235   0   0   225 10115   234  5223
353 41 Andreas Steffen
 236   0  -4 12167  3220 10760   156
354 41 Andreas Steffen
 237   0   0  5150  9392  6587  1703
355 41 Andreas Steffen
 238   0   0 11547  8431  3214  9415
356 41 Andreas Steffen
 239   0   0 10851  7709  8050  7538
357 41 Andreas Steffen
 240  -1  -2   874  4765  4964   424
358 41 Andreas Steffen
 241   1  -2 10600  1689   176  6010
359 41 Andreas Steffen
 242   1   0  5997  7556  2161  3323
360 41 Andreas Steffen
 243   0   0 11136  1266  1123  4767
361 41 Andreas Steffen
 244   1   2  8554  2615  8070   708
362 41 Andreas Steffen
 245   0   0  5773   555  5168  7272
363 41 Andreas Steffen
 246   1   0  9508  9446  7790   235
364 41 Andreas Steffen
 247  -1   0  3106  4221  6747  8893
365 41 Andreas Steffen
 248   0  -2   241  6515  5228  7759
366 41 Andreas Steffen
 249   0   0  1974 11662  7592  5613
367 41 Andreas Steffen
 250  -1  -2  3428  1764 10330 11640
368 41 Andreas Steffen
 251   1   0  4655  1942  1732  6215
369 41 Andreas Steffen
 252   0   0 11761  3245  3177   463
370 41 Andreas Steffen
 253   0   2  2542 10529 10352  4798
371 41 Andreas Steffen
 254   0   0 12279  9976  8184  1686
372 41 Andreas Steffen
 255   0   2  3742 10902  6628  4000
373 41 Andreas Steffen
 256  -1   0  6807  3116  6784  5492
374 41 Andreas Steffen
 257   1   0   901  3092  5803  7605
375 41 Andreas Steffen
 258  -1   2  5324  1193 11349  9919
376 41 Andreas Steffen
 259   0   0  2529  2195    55  4199
377 41 Andreas Steffen
 260   0   2   864 12240 10142  1047
378 41 Andreas Steffen
 261   0  -2  1873  5812  8077 11544
379 41 Andreas Steffen
 262   0   2  6561  6540   574  2394
380 41 Andreas Steffen
 263   0   0 11716   386  2798 10004
381 41 Andreas Steffen
 264  -1  -2  9511  6119  7103  8637
382 41 Andreas Steffen
 265   0   0  2030  2719  3742 11400
383 41 Andreas Steffen
 266   0   0  3930  7307  6651   307
384 41 Andreas Steffen
 267   1   0  9365 12108 10182 10128
385 41 Andreas Steffen
 268   0   0  3050  9623   605 10173
386 41 Andreas Steffen
 269  -1  -2  2608  3226  7810  7644
387 41 Andreas Steffen
 270   1   2  1443 10911  8826  9411
388 41 Andreas Steffen
 271   1   2  5348  5689   732  8915
389 41 Andreas Steffen
 272  -1   0 10309  9547  3782  4821
390 41 Andreas Steffen
 273  -1   0  7011  2137   329  5860
391 41 Andreas Steffen
 274   1   0   425   151  3881  1572
392 41 Andreas Steffen
 275  -1  -2  9483  3656  9352  8742
393 41 Andreas Steffen
 276  -1   2   467 11338  1738 10323
394 41 Andreas Steffen
 277   1   0  9537  2935 11057  4262
395 41 Andreas Steffen
 278  -1   2  2982  4478  9997  4813
396 41 Andreas Steffen
 279   0   0  7618  2654   704  6455
397 41 Andreas Steffen
 280   1  -2  6020  6996   514  3587
398 41 Andreas Steffen
 281   0   0   247  2408  9281  7266
399 41 Andreas Steffen
 282   0   0  9312  8448  1433   150
400 41 Andreas Steffen
 283  -1   2  8888   579  2432  2254
401 41 Andreas Steffen
 284   0  -2   680  8265  7767  2316
402 41 Andreas Steffen
 285   0   0 11315  3768  4554  8944
403 41 Andreas Steffen
 286  -1   0  5306  2299  8412  4745
404 41 Andreas Steffen
 287   1   0  7061  9470 10690  5659
405 41 Andreas Steffen
 288   1  -2 12278  9451  2537  6516
406 41 Andreas Steffen
 289  -1  -2  6029  4153  8159   650
407 41 Andreas Steffen
 290   0   0    83  5244   380  3384
408 41 Andreas Steffen
 291   1   0   444  3466  8086   832
409 41 Andreas Steffen
 292   0   2   625 11105  9360  7133
410 41 Andreas Steffen
 293  -1   2 10950  1635  7226  3056
411 41 Andreas Steffen
 294   0   0   601   153  7982  9289
412 41 Andreas Steffen
 295   0   0  4177  5547  8758  3163
413 41 Andreas Steffen
 296   0  -2  8037 12168  6842  3295
414 41 Andreas Steffen
 297   0   2  9675  2582  5677  8555
415 41 Andreas Steffen
 298   0  -4 11275  5739 12176  6910
416 41 Andreas Steffen
 299   0   0  8556   449  9059 11926
417 41 Andreas Steffen
 300   1  -2  7028  8263  4462  1403
418 41 Andreas Steffen
 301   1   0  9851  9816 10642  3504
419 41 Andreas Steffen
 302  -1   0  3040 12216  8553  2913
420 41 Andreas Steffen
 303  -1   4  2910  3848 11681 12110
421 41 Andreas Steffen
 304   1   0  1841 10354  4153  1376
422 41 Andreas Steffen
 305  -1   0 12210  4975  2286  5252
423 41 Andreas Steffen
 306   0   0  8918  9177  1954   260
424 41 Andreas Steffen
 307  -2   0  6909  6209  8913  5854
425 41 Andreas Steffen
 308  -1  -2  6292   703  6706 11879
426 41 Andreas Steffen
 309   1   2 11570 11111  6320  5315
427 41 Andreas Steffen
 310   0   0  5052   592  4939 12069
428 41 Andreas Steffen
 311  -1   0 10922 12185  9127  2630
429 41 Andreas Steffen
 312   0   2  7576 10464  9782  2944
430 41 Andreas Steffen
 313  -1   0  3680   366  4320  8876
431 41 Andreas Steffen
 314   1  -2  1219  3469  6931  5376
432 41 Andreas Steffen
 315   1   0  3550 10768  4531  1823
433 41 Andreas Steffen
 316  -2  -2  1658  7879 11165    95
434 41 Andreas Steffen
 317   0   0  2694  1931  5154  4973
435 41 Andreas Steffen
 318   0   0  1040   460  8549  3732
436 41 Andreas Steffen
 319  -1   0  8606  6308  8514  5351
437 41 Andreas Steffen
 320   0  -2  8549  1116 10216  4590
438 41 Andreas Steffen
 321   0   2  3357  8573  9508  1479
439 41 Andreas Steffen
 322   1  -2  6401  9086  5806   731
440 41 Andreas Steffen
 323   0   4  8810   541  1047 10610
441 41 Andreas Steffen
 324   0   0 12091  1342  9191 11664
442 41 Andreas Steffen
 325  -1  -2  3353  7216  6908  4422
443 41 Andreas Steffen
 326   1  -2  6423  5847  1781  4290
444 41 Andreas Steffen
 327  -1   0  2085  6979  3705 10865
445 41 Andreas Steffen
 328   0   0  4054  9659  7199  5282
446 41 Andreas Steffen
 329   0   0  4131  7411  9499   318
447 41 Andreas Steffen
 330   0   0  4228  5354 10302  4744
448 41 Andreas Steffen
 331   0   0  2544 11482 10185  2500
449 41 Andreas Steffen
 332  -1   0    83  4027 11600   778
450 41 Andreas Steffen
 333   0   2 10980   846  4210 11190
451 41 Andreas Steffen
 334  -1   0  9362  3868   220  7803
452 41 Andreas Steffen
 335  -1   0 11475  1085  1224  2878
453 41 Andreas Steffen
 336  -1   0  5423   164  3901  9840
454 41 Andreas Steffen
 337   0   2  4383  2284 10899  9200
455 41 Andreas Steffen
 338   0   0  3723   899 11100 10702
456 41 Andreas Steffen
 339   1   0  7305  7082  5684 11561
457 41 Andreas Steffen
 340   1   0  2908 11634  2989  2078
458 41 Andreas Steffen
 341   0  -2 10159  3082  8672  8767
459 41 Andreas Steffen
 342   1   2  4147  6030  3925  7103
460 41 Andreas Steffen
 343   0   2  6503  8183  7428  7283
461 41 Andreas Steffen
 344   0  -4  1540  5385  3648  7333
462 41 Andreas Steffen
 345   1   0  6989  2881 10619  8603
463 41 Andreas Steffen
 346   0   0  2902 12009   698  5352
464 41 Andreas Steffen
 347   0  -2  7777  8639  1878  8255
465 41 Andreas Steffen
 348   0  -2  7904  2306  2389 10217
466 41 Andreas Steffen
 349   0   0  3969  2527  9120   558
467 41 Andreas Steffen
 350   0   0   228  8105  1127 10594
468 41 Andreas Steffen
 351   0   0  7932  1438  2928  6326
469 41 Andreas Steffen
 352   0   2  7927 11962  2097  5518
470 41 Andreas Steffen
 353   0   0 11544  2417  5795 10400
471 41 Andreas Steffen
 354   0   0 10459  8131 11956  4921
472 41 Andreas Steffen
 355   0   0   312 11086  5587  7238
473 41 Andreas Steffen
 356   0   0  1452 11546  4140   441
474 41 Andreas Steffen
 357   0  -2  7851  5803  9477   584
475 41 Andreas Steffen
 358   0  -2 11293 10761 10615  6033
476 41 Andreas Steffen
 359   1  -2  2858 11927  9839  5031
477 41 Andreas Steffen
 360  -1   4   359  6204  6880  4866
478 41 Andreas Steffen
 361  -1   0  6279  3716  1209  1677
479 41 Andreas Steffen
 362  -1   2  1054  5481  3774  3606
480 41 Andreas Steffen
 363   0   0  4712  8559  7160  6192
481 41 Andreas Steffen
 364   1   0  6108 11892   260  5014
482 41 Andreas Steffen
 365  -2   0  7497  2298   580 11947
483 41 Andreas Steffen
 366   0  -2   763  7812  2847  3167
484 41 Andreas Steffen
 367   0   0 11981  4945  8923  6657
485 41 Andreas Steffen
 368   0   0  8100  6595 12018  5346
486 41 Andreas Steffen
 369   0  -2  5488  1311 11385  5183
487 41 Andreas Steffen
 370   0   2  1659  5948   912  6562
488 41 Andreas Steffen
 371  -1   0  8633  6154  9146  9371
489 41 Andreas Steffen
 372   1   0   590  1897  5342  1577
490 41 Andreas Steffen
 373   0   0  4566  6636  4267 10810
491 41 Andreas Steffen
 374   0  -2  8598  3136  1723  8798
492 41 Andreas Steffen
 375   0   0  2460  1107 10645 10256
493 41 Andreas Steffen
 376   0   2 11497  3068  5174  2397
494 41 Andreas Steffen
 377   0   0  2749  4923  7543  2680
495 41 Andreas Steffen
 378   1   4  2843  7308  7749   107
496 41 Andreas Steffen
 379  -1   0  9178  8015  8361 10628
497 41 Andreas Steffen
 380   0   0  8418  1085  7030  1309
498 41 Andreas Steffen
 381   0   0  6413  6687  6321  9605
499 41 Andreas Steffen
 382   0   0  7704  9813  2529 12015
500 41 Andreas Steffen
 383   1   0  4353 11345  5846  7362
501 41 Andreas Steffen
 384  -2   0   483   493  7176   887
502 41 Andreas Steffen
 385   0  -2  1964 12124   630 11168
503 41 Andreas Steffen
 386   0  -2 11626  7968 10413 10000
504 41 Andreas Steffen
 387  -1  -2  7600  2425  6332  3104
505 41 Andreas Steffen
 388   0   0  1875 10712  9870  4381
506 41 Andreas Steffen
 389  -1   2  5301  9244  9938  7693
507 41 Andreas Steffen
 390  -1   0  8347  1651  4708 10498
508 41 Andreas Steffen
 391  -1   0  6480  3664  7631  8055
509 41 Andreas Steffen
 392   1   0 11001  4962  3013  1707
510 41 Andreas Steffen
 393  -1   0  9167  5049 12060  7976
511 41 Andreas Steffen
 394   0   0  3871 10432  8889  9207
512 41 Andreas Steffen
 395   0   2  1900  1335  3063  7210
513 41 Andreas Steffen
 396   0   0  3446  5082 11819 11075
514 41 Andreas Steffen
 397  -1   0  9621 12019  8735  5657
515 41 Andreas Steffen
 398   0   2 10282  5977  5889  6091
516 41 Andreas Steffen
 399   0  -2  6899 10659 10654  7201
517 41 Andreas Steffen
 400   0  -2  8828 11918   530 10532
518 41 Andreas Steffen
 401   0   0  5889  5235  1426  1505
519 41 Andreas Steffen
 402   0   2 10499 11288  6888 11079
520 41 Andreas Steffen
 403   0  -2  6758 11300  3460  9527
521 41 Andreas Steffen
 404   0   2 10492  4626  9496   103
522 41 Andreas Steffen
 405   1   0  4071  5214  9330  5418
523 41 Andreas Steffen
 406   0   4  4344  5575  3054  6479
524 41 Andreas Steffen
 407   0  -2  3367   988  6366 11176
525 41 Andreas Steffen
 408  -1   0  7382  6520  1529  9724
526 41 Andreas Steffen
 409   0   0  7638  6486  4438  2460
527 41 Andreas Steffen
 410   0  -2  1148  9873  8821  1975
528 41 Andreas Steffen
 411   0   0  6283  5276 11948  5257
529 41 Andreas Steffen
 412   0   2  2366  6232 10434  9810
530 41 Andreas Steffen
 413   1   0  3431  2686  4540  2454
531 41 Andreas Steffen
 414   1   0  4532  5476 11629  4946
532 41 Andreas Steffen
 415   0   0  5428  8846   483  4258
533 41 Andreas Steffen
 416   0   4  2795  1320  8114  5350
534 41 Andreas Steffen
 417   0   2  2510 12017  2768  5050
535 41 Andreas Steffen
 418   0  -2  2406  2440  2740  6750
536 41 Andreas Steffen
 419   0   2 10282  1086   809 10400
537 41 Andreas Steffen
 420   0   0  8477  8393  3405 10159
538 41 Andreas Steffen
 421  -1   0  7203  5025   387  6339
539 41 Andreas Steffen
 422   0   0  1510    42  3061  5047
540 41 Andreas Steffen
 423   1   0  8899  1346  3963  3518
541 41 Andreas Steffen
 424   0   0  7690  4485  2532  6815
542 41 Andreas Steffen
 425   0  -2  2210 11591  2890  4503
543 41 Andreas Steffen
 426   0   0  2367  8826  8001 12127
544 41 Andreas Steffen
 427   1   2 10596  8314  7863 12185
545 41 Andreas Steffen
 428  -1  -2  6039 10099  5011  6333
546 41 Andreas Steffen
 429  -1  -2  7353  8641  6623   965
547 41 Andreas Steffen
 430   0   0  3054  6816  5283  7438
548 41 Andreas Steffen
 431  -1   0  9421  5919  7903 11491
549 41 Andreas Steffen
 432   0   0  5202 11236 11135  6875
550 41 Andreas Steffen
 433   1   0 10469  3625  5140 11409
551 41 Andreas Steffen
 434  -1   0  6457  3420  1289  3087
552 41 Andreas Steffen
 435   0   0  4981  7584  3667  8992
553 41 Andreas Steffen
 436   0   0  2486  9323  5488  6760
554 41 Andreas Steffen
 437   0  -2 10800  9052 10347  4450
555 41 Andreas Steffen
 438   1   0  1546  5976  6208 10283
556 41 Andreas Steffen
 439  -1   0 10050  8648  5275  3907
557 41 Andreas Steffen
 440   1   4 10633  8816  8122  7347
558 41 Andreas Steffen
 441  -1   0  8730  5232 12281  4754
559 41 Andreas Steffen
 442   1   2  4288  4871  6784 12192
560 41 Andreas Steffen
 443   1   0  9297  9950  4775  2378
561 41 Andreas Steffen
 444   1   2  1069   209 11331   995
562 41 Andreas Steffen
 445   0   0  7851  6881  6175  5523
563 41 Andreas Steffen
 446   0   0  5388  6671  4672  1421
564 41 Andreas Steffen
 447   0  -2 10231  5133  2309  5799
565 41 Andreas Steffen
 448  -1   0   153  9835  5074  5216
566 41 Andreas Steffen
 449   0   0 11934  2437  7339 11818
567 41 Andreas Steffen
 450  -1   0  8801  8789    48 11348
568 41 Andreas Steffen
 451   0   2  6042   987  8243 10106
569 41 Andreas Steffen
 452  -2   0 10333  2589  4798  6818
570 41 Andreas Steffen
 453  -1   0  6545  9349  9453  2743
571 41 Andreas Steffen
 454  -1  -2  4195  9643  9110 11013
572 41 Andreas Steffen
 455   0  -2  6640   357 11133  9945
573 41 Andreas Steffen
 456  -1   0 11534  6683 11405    44
574 41 Andreas Steffen
 457   0   0  7142  5256  9490 10584
575 41 Andreas Steffen
 458   0   0  7200  2149  3622  9014
576 41 Andreas Steffen
 459   0   0  7165  7039 10762  7156
577 41 Andreas Steffen
 460   1   2  8215  7133 10600  1285
578 41 Andreas Steffen
 461   2  -2 11301 10333  7383   769
579 41 Andreas Steffen
 462  -1   0  5004 10864  3139  1300
580 41 Andreas Steffen
 463   1   0 11040  3075 10760 11733
581 41 Andreas Steffen
 464   0  -2  6614  8230  3156  2279
582 41 Andreas Steffen
 465   0   0  3877  7182 10115 11440
583 41 Andreas Steffen
 466  -1   0  2357  2232  4764  2711
584 41 Andreas Steffen
 467   1  -2  3295  2363  2758  2045
585 41 Andreas Steffen
 468   0   0  8589   865  2917  2518
586 41 Andreas Steffen
 469   0   2  2772  2928  3650  6641
587 41 Andreas Steffen
 470   0   0  5177  2183  7996  8414
588 41 Andreas Steffen
 471   1  -2  6874  9197  8865  8729
589 41 Andreas Steffen
 472  -2   0  7827 11526 10909  1548
590 41 Andreas Steffen
 473   0  -2 11766  8236  6451  5159
591 41 Andreas Steffen
 474   0   2 10634  8707  6140  7148
592 41 Andreas Steffen
 475  -1   0   613  1770  4832  8487
593 41 Andreas Steffen
 476   1   2  4973  1080 10080  8202
594 41 Andreas Steffen
 477   0   0 11955  4174   873  1699
595 41 Andreas Steffen
 478  -1  -2 10831   993  6778  8348
596 41 Andreas Steffen
 479   1   0  5558  5835  7067  4186
597 41 Andreas Steffen
 480   0  -2  2702  3993  6392  6043
598 41 Andreas Steffen
 481  -1   0 12069  1685  1987  4574
599 41 Andreas Steffen
 482  -1  -2 10029  9050  6174 10299
600 41 Andreas Steffen
 483  -1   0  9883  8157 10233  1321
601 41 Andreas Steffen
 484   1   2  4512  7252  6080   699
602 41 Andreas Steffen
 485   0   0  5562   756  5195 11922
603 41 Andreas Steffen
 486   0   0  3388  2386 11462  7782
604 41 Andreas Steffen
 487   0   0  8847 11806 10279  2981
605 41 Andreas Steffen
 488   2   0  4206  9692  7466  3513
606 41 Andreas Steffen
 489   1   2 10165 11806  9176 10260
607 41 Andreas Steffen
 490   0   0  1657 11469 12267    30
608 41 Andreas Steffen
 491   0   0 10457 11636   606   319
609 41 Andreas Steffen
 492   1   0  2806  9200  7521  1752
610 41 Andreas Steffen
 493   0   0  1874  5675 11192  6546
611 41 Andreas Steffen
 494   0   2   874  5094 11842  7809
612 41 Andreas Steffen
 495  -1   0   760 12102  5115 10093
613 41 Andreas Steffen
 496  -1   0  1626  4185  9898  2052
614 41 Andreas Steffen
 497  -1   2 11878  8847  8718 11044
615 41 Andreas Steffen
 498  -1   0   952  2338  1103 11254
616 41 Andreas Steffen
 499   1  -2  2558 10638  3234  3355
617 41 Andreas Steffen
 500  -1   0  8556 11033  5603  1199
618 41 Andreas Steffen
 501   0   0  5848  7063 11603  6796
619 41 Andreas Steffen
 502   0   2  7859  2289  1071  7667
620 41 Andreas Steffen
 503   0   0  7909  7745  9517  9120
621 41 Andreas Steffen
 504   0   0  7307  3801   992  4019
622 41 Andreas Steffen
 505   0   2  4268  2937  3718  1290
623 41 Andreas Steffen
 506   0   0  7878 10639   121 12207
624 41 Andreas Steffen
 507   0  -2  9470  8437 10821  3280
625 41 Andreas Steffen
 508  -1   0  8213  9197  7737  8475
626 41 Andreas Steffen
 509  -1  -2 10700  6041  8143  5205
627 41 Andreas Steffen
 510  -1   0   344  5879  1943  2793
628 41 Andreas Steffen
 511   1   0 10325  7270  3760  2198
629 4 Andreas Steffen
</pre>
630 4 Andreas Steffen
Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
631 4 Andreas Steffen
<pre>
632 41 Andreas Steffen
S1[374] is zero - s1 is not invertible
633 7 Andreas Steffen
</pre>
634 10 Andreas Steffen
and another trial run is started.
635 7 Andreas Steffen
636 7 Andreas Steffen
h2. BLISS Root CA Certificate Generation
637 7 Andreas Steffen
638 21 Andreas Steffen
A self-signed BLISS CA certificate can be generated with the following command
639 7 Andreas Steffen
<pre>
640 49 Andreas Steffen
pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --digest sha512 --debug 2 --outform pem > cacert4.pem
641 48 Andreas Steffen
</pre>
642 7 Andreas Steffen
643 48 Andreas Steffen
The BLISS private key is read and parsed
644 48 Andreas Steffen
<pre>
645 7 Andreas Steffen
  file content is not binary ASN.1
646 7 Andreas Steffen
  -----BEGIN BLISS PRIVATE KEY-----
647 7 Andreas Steffen
  -----END BLISS PRIVATE KEY-----
648 7 Andreas Steffen
649 7 Andreas Steffen
L0 - BLISSPrivateKey:
650 1 Andreas Steffen
L1 - keyType:
651 48 Andreas Steffen
  'BLISS-B-IV'
652 7 Andreas Steffen
L1 - public:
653 7 Andreas Steffen
L1 - secret1:
654 7 Andreas Steffen
L1 - secret2:
655 7 Andreas Steffen
L0 - subjectPublicKeyInfo:
656 7 Andreas Steffen
L1 - algorithm:
657 7 Andreas Steffen
L2 - algorithmIdentifier:
658 1 Andreas Steffen
L3 - algorithm:
659 7 Andreas Steffen
  'blissPublicKey'
660 1 Andreas Steffen
L3 - parameters:
661 1 Andreas Steffen
L4 - blissKeyType:
662 48 Andreas Steffen
  'BLISS-B-IV'
663 1 Andreas Steffen
L1 - subjectPublicKey:
664 48 Andreas Steffen
</pre>
665 1 Andreas Steffen
666 49 Andreas Steffen
First signature round:
667 48 Andreas Steffen
<pre>
668 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
669 49 Andreas Steffen
y1 = -937..665 (sigma2 = 71312, mean =  6.0)
670 49 Andreas Steffen
y2 = -961..788 (sigma2 = 78187, mean = 11.3)
671 1 Andreas Steffen
672 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
673 1 Andreas Steffen
mgf1 generated 64 octets
674 1 Andreas Steffen
675 49 Andreas Steffen
norm2(s1*c') + norm2(s2*c') = 54394 (69576 max), accepted
676 49 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 121971, rejected
677 49 Andreas Steffen
678 49 Andreas Steffen
mgf1 generated 10112 octets
679 1 Andreas Steffen
</pre>
680 1 Andreas Steffen
681 49 Andreas Steffen
Second signature round:
682 1 Andreas Steffen
<pre>
683 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
684 49 Andreas Steffen
y1 = -809..845 (sigma2 = 68853, mean = -6.4)
685 49 Andreas Steffen
y2 = -758..716 (sigma2 = 69034, mean = -19.2)
686 49 Andreas Steffen
</pre>
687 1 Andreas Steffen
688 50 Andreas Steffen
Random oracle based on MGF1 and SHA-512 generates &kappa; = 39 non-zero c_indices:
689 49 Andreas Steffen
<pre>
690 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
691 49 Andreas Steffen
692 49 Andreas Steffen
 i  c_index[i]
693 49 Andreas Steffen
 0      482
694 49 Andreas Steffen
 1      309
695 49 Andreas Steffen
 2       98
696 49 Andreas Steffen
 3      333
697 49 Andreas Steffen
 4      472
698 49 Andreas Steffen
 5       55
699 49 Andreas Steffen
 6      218
700 49 Andreas Steffen
 7      142
701 49 Andreas Steffen
 8      221
702 49 Andreas Steffen
 9      175
703 49 Andreas Steffen
10      387
704 49 Andreas Steffen
11      443
705 49 Andreas Steffen
12      225
706 49 Andreas Steffen
13       96
707 49 Andreas Steffen
14      316
708 49 Andreas Steffen
15      359
709 49 Andreas Steffen
16      394
710 49 Andreas Steffen
17      307
711 49 Andreas Steffen
18      144
712 49 Andreas Steffen
19      420
713 49 Andreas Steffen
20       37
714 49 Andreas Steffen
21      146
715 49 Andreas Steffen
22       45
716 49 Andreas Steffen
23      171
717 49 Andreas Steffen
24      240
718 49 Andreas Steffen
25      471
719 49 Andreas Steffen
26      323
720 49 Andreas Steffen
27       49
721 49 Andreas Steffen
28       29
722 49 Andreas Steffen
29       78
723 49 Andreas Steffen
30      377
724 49 Andreas Steffen
31      462
725 49 Andreas Steffen
32      473
726 49 Andreas Steffen
33       15
727 49 Andreas Steffen
34      351
728 49 Andreas Steffen
35       77
729 49 Andreas Steffen
36       35
730 49 Andreas Steffen
37      449
731 49 Andreas Steffen
38      424
732 49 Andreas Steffen
733 49 Andreas Steffen
39  index trials
734 48 Andreas Steffen
mgf1 generated 64 octets
735 49 Andreas Steffen
</pre>
736 48 Andreas Steffen
737 50 Andreas Steffen
<pre>
738 49 Andreas Steffen
norm2(s1*c') + norm2(s2*c') = 52674 (69576 max), accepted
739 49 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 15806, accepted
740 1 Andreas Steffen
741 49 Andreas Steffen
z1 = -811..853, z2d = -3..3
742 49 Andreas Steffen
743 49 Andreas Steffen
efficiency of Huffman coder is 3.3340 bits/tuple (1707 bits)
744 49 Andreas Steffen
generated BLISS signature (6666 bits encoded in 834 bytes)
745 10 Andreas Steffen
signature generation needed 2 rounds
746 48 Andreas Steffen
747 49 Andreas Steffen
mgf1 generated 10240 octets
748 48 Andreas Steffen
</pre>
749 1 Andreas Steffen
750 1 Andreas Steffen
With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process often requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
751 1 Andreas Steffen
752 10 Andreas Steffen
A BLISS certificate can be displayed at any time with
753 10 Andreas Steffen
<pre>
754 10 Andreas Steffen
pki --print --debug 2 --in cacert4.pem
755 10 Andreas Steffen
756 49 Andreas Steffen
  file content is not binary ASN.1
757 49 Andreas Steffen
  -----BEGIN CERTIFICATE-----
758 49 Andreas Steffen
  -----END CERTIFICATE-----
759 49 Andreas Steffen
760 11 Andreas Steffen
L0 - x509:
761 10 Andreas Steffen
L1 - tbsCertificate:
762 42 Andreas Steffen
L2 - DEFAULT v1:
763 11 Andreas Steffen
L3 - version:
764 10 Andreas Steffen
  X.509v3
765 42 Andreas Steffen
L2 - serialNumber:
766 1 Andreas Steffen
L2 - signature:
767 1 Andreas Steffen
L3 - algorithmIdentifier:
768 1 Andreas Steffen
L4 - algorithm:
769 1 Andreas Steffen
  'BLISS-with-SHA512'
770 42 Andreas Steffen
L2 - issuer:
771 42 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
772 42 Andreas Steffen
L2 - validity:
773 42 Andreas Steffen
L3 - notBefore:
774 42 Andreas Steffen
L4 - utcTime:
775 49 Andreas Steffen
  'Jul 28 10:10:44 UTC 2015'
776 1 Andreas Steffen
L3 - notAfter:
777 42 Andreas Steffen
L4 - utcTime:
778 49 Andreas Steffen
  'Jul 28 10:10:44 UTC 2025'
779 42 Andreas Steffen
L2 - subject:
780 42 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
781 42 Andreas Steffen
L2 - subjectPublicKeyInfo:
782 42 Andreas Steffen
-- > --
783 42 Andreas Steffen
L0 - subjectPublicKeyInfo:
784 42 Andreas Steffen
L1 - algorithm:
785 42 Andreas Steffen
L2 - algorithmIdentifier:
786 1 Andreas Steffen
L3 - algorithm:
787 11 Andreas Steffen
  'blissPublicKey'
788 11 Andreas Steffen
L3 - parameters:
789 1 Andreas Steffen
L0 - subjectPublicKeyInfo:
790 11 Andreas Steffen
L1 - algorithm:
791 1 Andreas Steffen
L2 - algorithmIdentifier:
792 1 Andreas Steffen
L3 - algorithm:
793 11 Andreas Steffen
  'blissPublicKey'
794 1 Andreas Steffen
L3 - parameters:
795 11 Andreas Steffen
L4 - blissKeyType:
796 49 Andreas Steffen
  'BLISS-B-IV'
797 10 Andreas Steffen
L1 - subjectPublicKey:
798 1 Andreas Steffen
-- < --
799 1 Andreas Steffen
L2 - optional extensions:
800 1 Andreas Steffen
L3 - extensions:
801 1 Andreas Steffen
L4 - extension:
802 10 Andreas Steffen
L5 - extnID:
803 11 Andreas Steffen
  'basicConstraints'
804 10 Andreas Steffen
L5 - critical:
805 10 Andreas Steffen
  TRUE
806 12 Andreas Steffen
L5 - extnValue:
807 12 Andreas Steffen
L6 - basicConstraints:
808 1 Andreas Steffen
L7 - CA:
809 11 Andreas Steffen
  TRUE
810 1 Andreas Steffen
L4 - extension:
811 1 Andreas Steffen
L5 - extnID:
812 1 Andreas Steffen
  'keyUsage'
813 1 Andreas Steffen
L5 - critical:
814 1 Andreas Steffen
  TRUE
815 1 Andreas Steffen
L5 - extnValue:
816 11 Andreas Steffen
L4 - extension:
817 11 Andreas Steffen
L5 - extnID:
818 10 Andreas Steffen
  'subjectKeyIdentifier'
819 10 Andreas Steffen
L5 - critical:
820 21 Andreas Steffen
  FALSE
821 10 Andreas Steffen
L5 - extnValue:
822 13 Andreas Steffen
L6 - keyIdentifier:
823 11 Andreas Steffen
L1 - signatureAlgorithm:
824 42 Andreas Steffen
L2 - algorithmIdentifier:
825 12 Andreas Steffen
L3 - algorithm:
826 12 Andreas Steffen
  'BLISS-with-SHA512'
827 11 Andreas Steffen
L1 - signatureValue:
828 1 Andreas Steffen
829 49 Andreas Steffen
z1 = -811..853, z2d = -3..3
830 42 Andreas Steffen
831 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
832 49 Andreas Steffen
mgf1 generated 64 octets
833 49 Andreas Steffen
834 1 Andreas Steffen
cert:      X509
835 42 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
836 42 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
837 49 Andreas Steffen
validity:  not before Jul 28 12:10:44 2015, ok
838 49 Andreas Steffen
           not after  Jul 28 12:10:44 2025, ok (expires in 3652 days)
839 49 Andreas Steffen
serial:    7b:79:fb:00:a5:f6:c8:47
840 12 Andreas Steffen
flags:     CA CRLSign self-signed 
841 12 Andreas Steffen
subjkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
842 12 Andreas Steffen
pubkey:    BLISS 192 bits strength
843 12 Andreas Steffen
keyid:     1c:a7:5c:94:d1:ee:f6:c7:94:21:18:e5:ef:89:b3:c3:64:42:24:97
844 12 Andreas Steffen
subjkey:   47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
845 42 Andreas Steffen
</pre>
846 12 Andreas Steffen
847 12 Andreas Steffen
h2. BLISS End Entity Certificate Generation
848 12 Andreas Steffen
849 12 Andreas Steffen
We are now going to generate a BLISS-I key pair for user Carol:
850 12 Andreas Steffen
<pre>
851 13 Andreas Steffen
pki --gen --type bliss --size 1 > carolKey.der
852 12 Andreas Steffen
853 12 Andreas Steffen
secret key generation succeeded after 1 trial
854 12 Andreas Steffen
</pre>
855 13 Andreas Steffen
Next we create a self-signed PKCS#10 certificate request
856 12 Andreas Steffen
<pre>
857 12 Andreas Steffen
 pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
858 12 Andreas Steffen
</pre>
859 12 Andreas Steffen
which is used as the input for the CA to create a signed end entity certificate:
860 12 Andreas Steffen
<pre>
861 1 Andreas Steffen
 pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
862 42 Andreas Steffen
</pre>
863 42 Andreas Steffen
and which has the following content
864 42 Andreas Steffen
<pre>
865 1 Andreas Steffen
pki --print --in carolCert.der
866 42 Andreas Steffen
867 12 Andreas Steffen
cert:      X509
868 42 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
869 42 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
870 12 Andreas Steffen
validity:  not before Mar 15 18:04:00 2015, ok
871 42 Andreas Steffen
           not after  Mar 14 18:04:00 2018, ok (expires in 1094 days)
872 42 Andreas Steffen
serial:    43:63:44:f0:7f:2f:aa:dc
873 13 Andreas Steffen
altNames:  carol@strongswan.org
874 13 Andreas Steffen
flags:     clientAuth 
875 36 Andreas Steffen
CRL URIs:  http://crl.strongswan.org/bliss.crl
876 15 Andreas Steffen
authkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
877 15 Andreas Steffen
subjkeyId: cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
878 14 Andreas Steffen
pubkey:    BLISS 128 bits strength
879 14 Andreas Steffen
keyid:     f5:0e:6e:0c:4c:65:ac:03:41:bf:5c:9f:26:d5:52:dc:87:6b:3d:15
880 14 Andreas Steffen
subjkey:   cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
881 43 Andreas Steffen
</pre>
882 43 Andreas Steffen
883 43 Andreas Steffen
h2. IKEv2 Public Key Authentication using BLISS Signatures
884 43 Andreas Steffen
885 43 Andreas Steffen
The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
886 43 Andreas Steffen
887 43 Andreas Steffen
IKE_AUTH Request
888 43 Andreas Steffen
<pre>
889 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
890 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[IKE] establishing CHILD_SA home
891 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
892 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
893 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
894 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
895 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
896 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
897 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
898 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
899 43 Andreas Steffen
</pre>
900 43 Andreas Steffen
901 43 Andreas Steffen
IKE_AUTH Response
902 43 Andreas Steffen
<pre>
903 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
904 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
905 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] received fragment #1 of 3, waiting for complete IKE message
906 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
907 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
908 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] received fragment #2 of 3, waiting for complete IKE message
909 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (580 bytes)
910 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
911 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
912 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
913 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
914 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
915 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
916 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
917 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
918 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
919 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
920 1 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   crl is valid: until Apr 14 11:08:14 2015
921 1 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG] certificate status is good
922 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
923 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS_WITH_SHA512 successful
924 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
925 43 Andreas Steffen
</pre>
926 1 Andreas Steffen
BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
927 1 Andreas Steffen
928 1 Andreas Steffen
IKE_SA_INIT Request
929 1 Andreas Steffen
<pre>
930 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
931 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
932 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) V ]
933 19 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (829 bytes)
934 19 Andreas Steffen
</pre>
935 35 Andreas Steffen
936 1 Andreas Steffen
h2. Design Details on BLISS Signatures
937 35 Andreas Steffen
938 33 Andreas Steffen
* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
939 34 Andreas Steffen
940 34 Andreas Steffen
* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
941 34 Andreas Steffen
942 1 Andreas Steffen
* Measured BLISS Signature Size*
943 35 Andreas Steffen
944 35 Andreas Steffen
  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
945 23 Andreas Steffen
  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
946 23 Andreas Steffen
  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
947 23 Andreas Steffen
  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
948 26 Andreas Steffen
949 26 Andreas Steffen
  *statistics based on a measurement set of 50 signatures, each
950 26 Andreas Steffen
951 26 Andreas Steffen
h2. ASN.1 Syntax
952 26 Andreas Steffen
953 26 Andreas Steffen
h3. Object Identifiers
954 26 Andreas Steffen
955 26 Andreas Steffen
<pre>
956 43 Andreas Steffen
id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
957 43 Andreas Steffen
958 43 Andreas Steffen
keyType { id-bliss 1 }
959 43 Andreas Steffen
960 43 Andreas Steffen
blissPublicKey { keyType 1 }
961 43 Andreas Steffen
962 43 Andreas Steffen
parameters { id-bliss 2 }
963 43 Andreas Steffen
964 26 Andreas Steffen
bliss-I     = { parameters 1 }
965 27 Andreas Steffen
bliss-II    = { parameters 2 }
966 26 Andreas Steffen
bliss-III   = { parameters 3 }
967 27 Andreas Steffen
bliss-IV    = { parameters 4 }
968 47 Andreas Steffen
bliss-B-I   = { parameters 5 }
969 47 Andreas Steffen
bliss-B-II  = { parameters 6 }
970 23 Andreas Steffen
bliss-B-III = { parameters 7 }
971 23 Andreas Steffen
bliss-B-IV  = { parameters 8 }
972 23 Andreas Steffen
973 23 Andreas Steffen
blissSigType = { id-bliss 3 }
974 27 Andreas Steffen
975 27 Andreas Steffen
blissWithSha512 = { blissSigType 1 }
976 27 Andreas Steffen
blissWithSha384 = { blissSigType 2 }
977 27 Andreas Steffen
blissWithSha256 = { blissSigType 3 }
978 23 Andreas Steffen
</pre>
979 23 Andreas Steffen
980 29 Andreas Steffen
h3. BLISS Private Key
981 1 Andreas Steffen
982 44 Andreas Steffen
<pre>
983 29 Andreas Steffen
BlissPrivateKey  ::= SEQUENCE {
984 1 Andreas Steffen
    parameter OBJECT IDENTIFIER,
985 28 Andreas Steffen
    public    BIT STRING, -- A
986 28 Andreas Steffen
    secret1   BIT STRING, -- s1
987 28 Andreas Steffen
    secret2   BIT STRING  -- s2 }
988 1 Andreas Steffen
</pre>
989 28 Andreas Steffen
990 28 Andreas Steffen
As *parameter* one of the BLISS parameters OIDs *bliss-B-I* .. *bliss-B-IV* is used.
991 28 Andreas Steffen
992 23 Andreas Steffen
h3. BLISS Public Key
993 1 Andreas Steffen
994 30 Andreas Steffen
<pre>
995 23 Andreas Steffen
SubjectPublicKeyInfo  ::=  SEQUENCE  {
996 44 Andreas Steffen
    algorithm         AlgorithmIdentifier,
997 45 Andreas Steffen
    subjectPublicKey  BIT STRING  }
998 45 Andreas Steffen
999 45 Andreas Steffen
AlgorithmIdentifier  ::=  SEQUENCE  {
1000 46 Andreas Steffen
    algorithm         OBJECT IDENTIFIER,
1001 46 Andreas Steffen
    parameters        OBJECT IDENTIFER }
1002 45 Andreas Steffen
</pre>
1003 1 Andreas Steffen
1004 1 Andreas Steffen
As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *bliss-B-I* .. *bliss-B-IV*. 
1005 1 Andreas Steffen
1006 1 Andreas Steffen
h2. References
1007 1 Andreas Steffen
1008 1 Andreas Steffen
* "BLISS Home":http://bliss.di.ens.fr/ at ENS (École Normale Supérieure)
1009 1 Andreas Steffen
1010 1 Andreas Steffen
* "Practical Lattice-based Digital Signature Schemes":http://csrc.nist.gov/groups/ST/post-quantum-2015/presentations/session9-oneill-maire.pdf, NIST Workshop on Cybersecurity in a Post-Quantum World
1011 1 Andreas Steffen