Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 58

Noel Kuntze, 27.10.2016 22:51

1 1 Andreas Steffen
h1. Bimodal Lattice Signature Scheme (BLISS)
2 1 Andreas Steffen
3 16 Andreas Steffen
{{>toc}}
4 16 Andreas Steffen
5 38 Andreas Steffen
BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool. With strongSwan [[5.3.0]] we are upgrading to the improved BLISS-B signature algorithm described in "Accelerating Bliss: the Geometry of Ternary Polynomials":https://eprint.iacr.org/2014/874.pdf by Léo Ducas. This HOWTO is based on the new BLISS-B default scheme. It is possible though to revert to the old BLISS behaviour by setting
6 38 Andreas Steffen
<pre>
7 38 Andreas Steffen
libstrongswan {
8 38 Andreas Steffen
  plugins {
9 38 Andreas Steffen
    bliss {
10 38 Andreas Steffen
      use_bliss_b = no
11 38 Andreas Steffen
    }
12 38 Andreas Steffen
  }
13 38 Andreas Steffen
}
14 38 Andreas Steffen
</pre>
15 40 Andreas Steffen
in strongswan.conf, although we don't see any advantage whatever for doing this.
16 1 Andreas Steffen
17 58 Noel Kuntze
The *bliss* plugin requires the a source of randomness (*rdrand*, *padlock* or *nonce* plugin), the *mgf1* and the *hmac* plugin.
18 57 Noel Kuntze
19 17 Andreas Steffen
This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
20 7 Andreas Steffen
21 18 Andreas Steffen
h2. Building strongSwan with BLISS Support
22 18 Andreas Steffen
23 18 Andreas Steffen
If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
24 18 Andreas Steffen
<pre>
25 54 Andreas Steffen
wget http://download.strongswan.org/strongswan-5.3.3.tar.bz2
26 54 Andreas Steffen
tar xjf strongswan-5.3.3.tar.bz2
27 54 Andreas Steffen
cd strongswan-5.3.3
28 18 Andreas Steffen
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
29 18 Andreas Steffen
make
30 18 Andreas Steffen
sudo make install
31 18 Andreas Steffen
</pre>
32 18 Andreas Steffen
33 1 Andreas Steffen
h2. BLISS Private Key Generation
34 1 Andreas Steffen
35 53 Andreas Steffen
strongSwan currently supports the BLISS-B-I, BLISS-B-III, and BLISS-B-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS-B-I key can be generated as follows:
36 1 Andreas Steffen
<pre>
37 13 Andreas Steffen
pki --gen --type bliss --size 1 --debug 2 > cakey1.der
38 1 Andreas Steffen
39 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
40 1 Andreas Steffen
mgf1 generated 240 octets
41 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
42 1 Andreas Steffen
mgf1 generated 240 octets
43 41 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 44024
44 1 Andreas Steffen
45 41 Andreas Steffen
secret key generation succeeded after 1 trial
46 1 Andreas Steffen
</pre>
47 41 Andreas Steffen
With the command
48 1 Andreas Steffen
<pre>
49 1 Andreas Steffen
pki --print --type bliss-priv --in cakey1.der
50 13 Andreas Steffen
51 1 Andreas Steffen
private key with:
52 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
53 41 Andreas Steffen
keyid:     66:5d:b6:ae:85:b6:32:1b:9a:7e:2c:ed:c7:6a:4d:68:f0:3a:ec:77
54 41 Andreas Steffen
subjkey:   50:c5:a5:b0:21:e2:a8:13:12:ba:7c:87:f3:3f:ab:90:ad:2c:4d:c2
55 1 Andreas Steffen
</pre>
56 1 Andreas Steffen
information on the BLISS private key is displayed.
57 1 Andreas Steffen
58 41 Andreas Steffen
Let's now generate a BLISS-B-IV key with 192 bit cryptographic strength in base64-encoded PEM format
59 1 Andreas Steffen
<pre>
60 1 Andreas Steffen
pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
61 41 Andreas Steffen
secret key generation succeeded after 1 trial
62 1 Andreas Steffen
</pre>
63 1 Andreas Steffen
The PEM key format is printable
64 1 Andreas Steffen
<pre>
65 1 Andreas Steffen
cat cakey4.pem
66 1 Andreas Steffen
67 1 Andreas Steffen
-----BEGIN BLISS PRIVATE KEY-----
68 41 Andreas Steffen
MIIFGgYLKwYBBAGCoCoFAggDggOBAFPFQxsmKwFTjeebvilsNgguxG6vs6EWIyWi
69 41 Andreas Steffen
RUkzxZ3BZVy2Oya/9jkMO4O5W/TM5C5vKf0ADlu4fVzU2drT9YA6LzeJIhlWmHu0
70 41 Andreas Steffen
ISD9s3Q6pf5NxpvKKFiqjA8ePHFk2iIJQ+DbA9VCtYzM0BOz11+blrl4zOeHp2Am
71 41 Andreas Steffen
lmkQwW1OTYejkOBEdGFFuwpVbLXL0XTj4KPZB9icIU48VVh2fS/fOjSRyVhruzVO
72 41 Andreas Steffen
6QQtHeCE6p0HLQCpYsw4i93KaYyoS9tDK5Ia/TGWcpp9Sih4k60iJAEusftoijJl
73 41 Andreas Steffen
hq41uiUgVd7vpeaWBoMurUODR4aYMiNF2eCGuPTC+76hpZ4h91TmZ7ASuoATl57E
74 41 Andreas Steffen
XN3wY61OuLW+CiTlHZsfddmTRyWbtp5t0Ckk2RaoEsCvU/22csb3Z4CkASoJawVB
75 41 Andreas Steffen
i6VeQPtTr9cfUDb4mhSOv7LRZmjkkqyl5FduVOw3BePVZGqHZLrLdZ1AAbAtoel9
76 41 Andreas Steffen
FYZ/EBEbQpGVEEWwm98tsFeIp2JWUCA9bOdzlOsoJ6mmgz9fKXDQBsv+DeOSkXNo
77 41 Andreas Steffen
yKJ0EnXh6J5iPG6gtvoRVwGLfL0Yqcl7nkB5UUGWdQC2PNKZEAW2zVg5Wx4ALtgI
78 41 Andreas Steffen
qKhqyH5S29X4LoCqut6TuU8PYjKMlr9G8pK5kfXx3/A1/iD15m5esYBRmkddMRsK
79 41 Andreas Steffen
w3XdASNeHOeVfFU6FgKe+hYQhCTBgZGN3CFRtRhWbV7NES2DRkxiIgFWYrfRgLt/
80 41 Andreas Steffen
pobwJcL4VqwQQiSD83isZaHNRKJ+WttYKpQmTQk/ycYpD1DJ98Kw1LeyfTXxvtv8
81 41 Andreas Steffen
prSQekPNXHeyN8fXDgZmpLIBdOyutO5uelVV/ovsLGtmSQehXXvLj9IoETxtsnYj
82 41 Andreas Steffen
XpQU86hCaOl8ZLaASUhrqqBe0nQYB5Utr7P7YaxrfYYoiCEZZrLR9oIWNHYMiev2
83 41 Andreas Steffen
FCkQie3mrOb9K5AJo3DnfyumrNjOxq2a8N9WHRaDGrKT+l3gVJysxebExLNJsOHU
84 41 Andreas Steffen
89DZcnA3ulxmxoMdH/KzGMd9bjCIf0xNltRhULrBoShlhBElqK8znFHWhGmdbWhe
85 41 Andreas Steffen
0C3kKzApp5MebesGOdUT/U/ylUKPyINd90cqQESjHe+WibikN4WCcihiBRzvexQG
86 41 Andreas Steffen
klrkgqhAxL9ZX4SFWtzLsiSIpmWJUaY72vwo2TuA5un+Xq3yi7YtBggaRjg86Yiv
87 41 Andreas Steffen
tDsRFpMAA4HBAByACgOQOAOCBz0AD+AT+QCQB+OgPx/wAOP+QQAeeAR+AAAFwACO
88 41 Andreas Steffen
CAAByOgAQOBz+AAPyNwCRwAD+h+QCPxyATx+QPxyACATweCRzwAACQAPyCQOOeQA
89 41 Andreas Steffen
OOOgPyCQAieCQARigBxwB9geMPxwCRiDxgVwEEAAOAB+eP+CMCR+OCgCMRwPwB+A
90 41 Andreas Steffen
RwAhwQBzhyRzyBx+QQCACEAfyOPwP/ifiDwSAhwCDyCCAQSAfhwMAeQBwSAACAAD
91 41 Andreas Steffen
+CCeOUACeCASAAOBwQAAYAf/oEc8A8fkgAAfgEEHkEADfgn4AAAjk8gcAEEADgDo
92 41 Andreas Steffen
ccEg/fj8EkAcfkAEEgAo4EADnEIcnnjgEgAnkcEnggEcbgDhAAcdAcEAAAgA8AEk
93 41 Andreas Steffen
8rgAjkdAAAHgAgdckAEIADBfgAA4HgYgD8EjgDkAcAEgEHn/8AA8gHgA8cEEcAAk
94 41 Andreas Steffen
fgggAf84AAAgBEj8jlD8AEcoADjgc/gDkgAk/gAdAg8A78ADAEgYgg8gEbngkc8/
95 41 Andreas Steffen
ggAnkjhcHggAkEgj8Ak=
96 3 Andreas Steffen
-----END BLISS PRIVATE KEY-----
97 3 Andreas Steffen
</pre>
98 42 Andreas Steffen
At last let's generate a BLISS-B-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
99 3 Andreas Steffen
<pre>
100 3 Andreas Steffen
pki --gen --type bliss --size 3 --debug 4 > cakey3.der
101 3 Andreas Steffen
102 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
103 1 Andreas Steffen
mgf1 generated 380 octets
104 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
105 41 Andreas Steffen
mgf1 generated 420 octets
106 41 Andreas Steffen
l2 norm of s1||s2: 1397, Nk(S): 134554
107 13 Andreas Steffen
108 41 Andreas Steffen
S1[374] is zero - s1 is not invertible
109 41 Andreas Steffen
110 41 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
111 41 Andreas Steffen
mgf1 generated 400 octets
112 41 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
113 41 Andreas Steffen
mgf1 generated 400 octets
114 41 Andreas Steffen
l2 norm of s1||s2: 1397, Nk(S): 150444
115 41 Andreas Steffen
116 41 Andreas Steffen
secret key generation succeeded after 2 trials
117 41 Andreas Steffen
118 3 Andreas Steffen
   i   f   g     a     F     G     A
119 41 Andreas Steffen
   0   0  -1 11349  7348  7670  2988
120 41 Andreas Steffen
   1   1   0  7974  3185  4952 11025
121 41 Andreas Steffen
   2   0  -2  8985  2527  9470  4541
122 41 Andreas Steffen
   3   1  -2  7381 10610 11589  2467
123 41 Andreas Steffen
   4   0   0    24  6142  3407  1095
124 41 Andreas Steffen
   5   0   0   660  5787  7097  4552
125 41 Andreas Steffen
   6  -2   0  7663   996  8919   120
126 41 Andreas Steffen
   7   0   0 11446  2979  5879  5439
127 41 Andreas Steffen
   8   0   0 10761  9288  6406 11689
128 41 Andreas Steffen
   9   1   2 10655  5145  9566 11720
129 41 Andreas Steffen
  10  -1  -2  2239 12023  2977   497
130 41 Andreas Steffen
  11   1  -2  8056  9625   769  1665
131 41 Andreas Steffen
  12  -1   0 12073 10413  8267  7745
132 41 Andreas Steffen
  13   0   0 10423  7043  8384   659
133 41 Andreas Steffen
  14  -1   0  2927  4462  1895  3870
134 41 Andreas Steffen
  15   0  -2  8350 10004  5363  2321
135 41 Andreas Steffen
  16   0   0  8719  8405  9805  4329
136 41 Andreas Steffen
  17   0   0   126    16 11765  9184
137 41 Andreas Steffen
  18   1   0 11077  7415 10462 12186
138 41 Andreas Steffen
  19   0   0 10321 10888  9001  9002
139 41 Andreas Steffen
  20   0   0 11406 12197  2320  2112
140 41 Andreas Steffen
  21  -1   0  2382  8071 11316  6203
141 41 Andreas Steffen
  22   0   0 11952  2522  7713  2532
142 41 Andreas Steffen
  23  -1   0  3121  3838  1919  6145
143 41 Andreas Steffen
  24   0   2  3530  7422  3780  6905
144 41 Andreas Steffen
  25  -1   0  1229  3845  2506  2337
145 41 Andreas Steffen
  26  -1   2  1278   246 10767  6488
146 41 Andreas Steffen
  27   0   0  1031  8302  2463 11225
147 41 Andreas Steffen
  28   0  -2  6091 11836  4336  2866
148 41 Andreas Steffen
  29   0   0  9763 11818  1023  5477
149 41 Andreas Steffen
  30   1   0  3533 11202 11192   815
150 41 Andreas Steffen
  31  -2   0  2485  9375  1396  1096
151 41 Andreas Steffen
  32   0   2  7774  9256 11751  4761
152 41 Andreas Steffen
  33   1  -2  5705   105  8018  5109
153 41 Andreas Steffen
  34   1  -2  1310  1037 11693  6138
154 41 Andreas Steffen
  35   0   2  3963 11119  7278  9888
155 41 Andreas Steffen
  36  -1   0  2664   716  7917  2946
156 41 Andreas Steffen
  37   0  -2  2310  7971 11642 12218
157 41 Andreas Steffen
  38   0   0  9219 11411  7807  8627
158 41 Andreas Steffen
  39   0   0  5358  9175 10240  7187
159 41 Andreas Steffen
  40   0   0  9739 11874 10139 11850
160 41 Andreas Steffen
  41   1   2  8814 10927 12043   325
161 41 Andreas Steffen
  42   0   0  7933 11743  3920  9761
162 41 Andreas Steffen
  43  -2   0   251  6664  6850  4969
163 41 Andreas Steffen
  44   0   0  3754  5561  1275  4389
164 41 Andreas Steffen
  45   0   0  4863  4628 11852  5770
165 41 Andreas Steffen
  46   0   0  9053  8612  8420  4162
166 41 Andreas Steffen
  47   0  -2  7268  6093  2250 12126
167 41 Andreas Steffen
  48  -1   0  3867  7439 10172 11395
168 41 Andreas Steffen
  49   0   0  1877  8716  2985  4663
169 41 Andreas Steffen
  50   0   2  4520   140  3538  6872
170 41 Andreas Steffen
  51  -1  -2 12012  7676  9229  8965
171 41 Andreas Steffen
  52   1   0 11243  1199  5329  3192
172 41 Andreas Steffen
  53   0   0  3816  4823  4210  2768
173 41 Andreas Steffen
  54   0   0 11185  7269 11376 10485
174 41 Andreas Steffen
  55   0  -2   368  6947  8326  6955
175 41 Andreas Steffen
  56   0   0 12276 11097  9506  5786
176 41 Andreas Steffen
  57   0   0  1482  7994  2714 10832
177 41 Andreas Steffen
  58   0   0  8790  4355  2509  5980
178 41 Andreas Steffen
  59   0   0  2592  5059 10875 12262
179 41 Andreas Steffen
  60   1   2   741  7578  6721  5847
180 41 Andreas Steffen
  61  -1   0  5401  2769  1664  5597
181 41 Andreas Steffen
  62  -1  -2  3498  3562  8160  1127
182 41 Andreas Steffen
  63   0   4  9783  9751  4934   153
183 41 Andreas Steffen
  64   1   2   562 10232  3792  2585
184 41 Andreas Steffen
  65   0   2  5623  3669   816  8702
185 41 Andreas Steffen
  66   0   0  6817  2897  3255   595
186 41 Andreas Steffen
  67   0   2  4920  4356  5602  2309
187 41 Andreas Steffen
  68   1   2  1443  8246  1837  9328
188 41 Andreas Steffen
  69  -1   2  8830  8527 10087 11388
189 41 Andreas Steffen
  70   1   2  8318   386  8777 10115
190 41 Andreas Steffen
  71   0   0  4835  3976  8200  6604
191 41 Andreas Steffen
  72   0   0 12193  2774  9810  4345
192 41 Andreas Steffen
  73   0  -2  5217  4530  5891  2120
193 41 Andreas Steffen
  74   0  -2  2158  1444  8147  8082
194 41 Andreas Steffen
  75   0   0  6172  6249  9683  3797
195 41 Andreas Steffen
  76   0  -2  3351  2755  4435 10774
196 41 Andreas Steffen
  77   0   0  1795  5593  7010  2249
197 41 Andreas Steffen
  78   0   0  6378  6529  2449  3586
198 41 Andreas Steffen
  79   1   0  3282  8543  8791  6877
199 41 Andreas Steffen
  80   0   0  5941  2515  3404  2122
200 41 Andreas Steffen
  81   0   0  9619   226  4829   402
201 41 Andreas Steffen
  82   0   0  3819  1636  3669  5343
202 41 Andreas Steffen
  83   0   0 10054 10341  5815  9832
203 41 Andreas Steffen
  84  -1  -2  5846  1459  6451  1689
204 41 Andreas Steffen
  85   0   0  7204  2539  4867  2209
205 41 Andreas Steffen
  86   0   0  5750  2023   198  8863
206 41 Andreas Steffen
  87  -1   2  6261  5977 12147   331
207 41 Andreas Steffen
  88   0   0  3021  2021  2604  1412
208 41 Andreas Steffen
  89   0   2  7572  3901  5291 12199
209 41 Andreas Steffen
  90   1  -2  3971 10971  5040  6150
210 41 Andreas Steffen
  91  -1   0  3481  7683  7127  5588
211 41 Andreas Steffen
  92   0   0  3473 10868  6948 11869
212 41 Andreas Steffen
  93   0   2  6995   549  8855  4202
213 41 Andreas Steffen
  94   0   0  7016  7421  1258  1782
214 41 Andreas Steffen
  95   1   2 12142  5614 12132  5085
215 41 Andreas Steffen
  96   1   0   297 11408 10263  5819
216 41 Andreas Steffen
  97   1  -2  4317   569  1661  4560
217 41 Andreas Steffen
  98   0   2 11899  8600  5015  2094
218 41 Andreas Steffen
  99   1   0  5837   554  9502  5474
219 41 Andreas Steffen
 100  -1  -2  3375  3281  8625  7400
220 41 Andreas Steffen
 101   1   0  6925   720  9235 10339
221 41 Andreas Steffen
 102   0  -2 11463 11460  3152  8935
222 41 Andreas Steffen
 103  -1  -2   996  3541  9592  4202
223 41 Andreas Steffen
 104   0  -2  2977  4667  4746  6684
224 41 Andreas Steffen
 105   0   2  3324 10226  9780  6935
225 41 Andreas Steffen
 106  -1   2 12127 10743 12252  3426
226 41 Andreas Steffen
 107   0  -2  9795 10231  6839  4720
227 41 Andreas Steffen
 108   0  -2  2889  3500  3258 10106
228 41 Andreas Steffen
 109  -1   4  8087  6380  5416  6311
229 41 Andreas Steffen
 110   1  -2 10557  3805  1796  5365
230 41 Andreas Steffen
 111   1   2  5909 10540  3107  6083
231 41 Andreas Steffen
 112   0   0 10442  3605  1555  2523
232 41 Andreas Steffen
 113   0   2  4226  1933  5029  6252
233 41 Andreas Steffen
 114  -1   2  5275    89  7465  3812
234 41 Andreas Steffen
 115  -1   0  6815 10334   200 11126
235 41 Andreas Steffen
 116   1   2  8730  6104  4971  2153
236 41 Andreas Steffen
 117  -1  -2 11235 12105  8587   688
237 41 Andreas Steffen
 118   0  -2  1258  4392   665  3646
238 41 Andreas Steffen
 119   0   0  2480  3460  8326  2652
239 41 Andreas Steffen
 120   1   0  1216 12123  2535   651
240 41 Andreas Steffen
 121   0   2   857  2091   562  1352
241 41 Andreas Steffen
 122   0  -2  3169  4464  2919  6236
242 41 Andreas Steffen
 123   1   0 10107  2680  1350  8667
243 41 Andreas Steffen
 124   0  -4 10308  2108  9352   704
244 41 Andreas Steffen
 125   1   2   878 11994  2136  3492
245 41 Andreas Steffen
 126   0  -2  3800  8913  4121  2070
246 41 Andreas Steffen
 127  -1   0  2443 12112  7839   164
247 41 Andreas Steffen
 128   0  -2 11654  9227  7360  9710
248 41 Andreas Steffen
 129   0   2 11660 11240 10772  2157
249 41 Andreas Steffen
 130   1   0 11564   268 12057  4768
250 41 Andreas Steffen
 131   0   2  8890 10527 10742  1333
251 41 Andreas Steffen
 132  -1  -2  9912 11312  4630  8146
252 41 Andreas Steffen
 133  -1   0 11456  6000  2141  4365
253 41 Andreas Steffen
 134   2   0  7960  7033  8674  7036
254 41 Andreas Steffen
 135  -1   0  8533  2433  6170 11842
255 41 Andreas Steffen
 136   1  -2  1397  9385  6566  9096
256 41 Andreas Steffen
 137   0   0  3543 10922  5370    59
257 41 Andreas Steffen
 138   0   2   691  8292  8171  7134
258 41 Andreas Steffen
 139   0   0  2713  3104  9141  2707
259 41 Andreas Steffen
 140   0  -4  1268  2361  6871   513
260 41 Andreas Steffen
 141   1   2 11076  6984  2153   815
261 41 Andreas Steffen
 142   0   0 11657  3591  7098  2661
262 41 Andreas Steffen
 143   1   2  2834  4083  3018  1617
263 41 Andreas Steffen
 144   0   0  8185  6619   366  9415
264 41 Andreas Steffen
 145  -1  -2  1494 11839  6863   449
265 41 Andreas Steffen
 146   0  -2  1832 10258  7230  3046
266 41 Andreas Steffen
 147   0   0 10931   383  4893 12013
267 41 Andreas Steffen
 148   0  -4  8238  6439  4367  1371
268 41 Andreas Steffen
 149   0   2  8006  2974 11322   260
269 41 Andreas Steffen
 150   0   0  3541  8377  6324  2901
270 41 Andreas Steffen
 151   0  -2   687   330  6124  7243
271 41 Andreas Steffen
 152   0  -2  5192 10152  4457 10671
272 41 Andreas Steffen
 153   0   0  8674  3299  1218   317
273 41 Andreas Steffen
 154  -1  -2  1498    19  1224  1358
274 41 Andreas Steffen
 155   1   0   472  2029  5208 12231
275 41 Andreas Steffen
 156   1   2 11731  6425  7592  7694
276 41 Andreas Steffen
 157   0   2  2261  2600 10784  4466
277 41 Andreas Steffen
 158   0  -2  1898 10580  1586  6744
278 41 Andreas Steffen
 159   0  -2  2031  4303  4379  9674
279 41 Andreas Steffen
 160   0   2  8153  5295  3898  8827
280 41 Andreas Steffen
 161   0   2  2277  6730 11103  7512
281 41 Andreas Steffen
 162   0   0  7728  5951  8617  5449
282 41 Andreas Steffen
 163  -1   0  3329  9973  2756  3798
283 41 Andreas Steffen
 164   0   4  4018  4540   262  7747
284 41 Andreas Steffen
 165   2  -2 10665  6550   101  8895
285 41 Andreas Steffen
 166   0  -2   312  5809  4027  6453
286 41 Andreas Steffen
 167   0   0  3681 11662  4601  3795
287 41 Andreas Steffen
 168   0   0   500  5083  3045 10237
288 41 Andreas Steffen
 169  -1  -2  8154  3232 10955  7992
289 41 Andreas Steffen
 170   0   0 11548  6348  5285 12164
290 41 Andreas Steffen
 171   1   0  6451    22   780  3387
291 41 Andreas Steffen
 172   1   0  5800  5147 11929  9887
292 41 Andreas Steffen
 173   1  -2  8134 11119  9744  1000
293 41 Andreas Steffen
 174   0   0  5101  7573  9100   415
294 41 Andreas Steffen
 175   1   0  9541  6816  2627  7553
295 41 Andreas Steffen
 176   1  -2 10032  6407  7662  3751
296 41 Andreas Steffen
 177  -1   2  8100  1861  3525 10574
297 41 Andreas Steffen
 178   0  -2 10999  5885  8924  7590
298 41 Andreas Steffen
 179  -1   0 11795 11656  5412 11931
299 41 Andreas Steffen
 180   0   0  1342  2873  8302  5833
300 41 Andreas Steffen
 181   0   0  8856 10345  7649  3593
301 41 Andreas Steffen
 182   0   0  7741  1590  4966 10870
302 41 Andreas Steffen
 183   0  -2  3478  2035 10096    11
303 41 Andreas Steffen
 184   1   0  8425  2564  3099  9055
304 41 Andreas Steffen
 185   1   0  4004  5338  6973 11648
305 41 Andreas Steffen
 186   0   0  4081   397  5788  3141
306 41 Andreas Steffen
 187   1  -2  6047  6044  3975  7664
307 41 Andreas Steffen
 188   0   2   975  9088  8057  9530
308 41 Andreas Steffen
 189  -1  -2  3775  8502  1657  2826
309 41 Andreas Steffen
 190   0   0    72  5348 10522  5788
310 41 Andreas Steffen
 191  -1   2  9402  7182 10043 10824
311 41 Andreas Steffen
 192  -2  -2  8696  2259   176   642
312 41 Andreas Steffen
 193   1   0  3219 10202    91  8120
313 41 Andreas Steffen
 194   0   0  7399  8460  5181  3038
314 41 Andreas Steffen
 195   1   0 10700  3012  2362  4856
315 41 Andreas Steffen
 196   1   0  4992 11439 10921   551
316 41 Andreas Steffen
 197   0   0  5563  1953  8425   923
317 41 Andreas Steffen
 198   0  -2  6322  5002 10435  5611
318 41 Andreas Steffen
 199  -1   2  5331  3700  5755  6993
319 41 Andreas Steffen
 200   0   2  5020  6081  4634  8539
320 41 Andreas Steffen
 201   0  -2  1731  4572  2581  9642
321 41 Andreas Steffen
 202   0   2 11300 11624  8550  8765
322 41 Andreas Steffen
 203   0   0  2415  4285   437  5756
323 41 Andreas Steffen
 204   0   0  1692  2723  3419  8567
324 41 Andreas Steffen
 205  -1   2 11041  8154   463  1789
325 41 Andreas Steffen
 206   0   0   229   879   660  9941
326 41 Andreas Steffen
 207   0   0 10044  8647  6406 10013
327 41 Andreas Steffen
 208   0  -2  5036 10770  3797  9730
328 41 Andreas Steffen
 209   0   2   128   719  6480  5034
329 41 Andreas Steffen
 210  -1   0  1769 10401  2634  1730
330 41 Andreas Steffen
 211  -1   0  7590  6692 10502  6910
331 41 Andreas Steffen
 212   0   0  9672  8222  8598  1131
332 41 Andreas Steffen
 213   1   0  3125  9161  4272  2293
333 41 Andreas Steffen
 214   1   0  6486  6086 10033  4450
334 41 Andreas Steffen
 215   0   2  4166 11350  4036 10531
335 41 Andreas Steffen
 216   1   0 10082 11068 11523  7992
336 41 Andreas Steffen
 217   0   2  7985  9711  4620  1352
337 41 Andreas Steffen
 218   0  -2  4946    35   768  6342
338 41 Andreas Steffen
 219   2   0  9774  8732  5103  7354
339 41 Andreas Steffen
 220  -1   0  3980  4302   175 11772
340 41 Andreas Steffen
 221  -1   0  3136 10258  9525  3299
341 41 Andreas Steffen
 222   1   0 10184 11483  7139  6837
342 41 Andreas Steffen
 223   0   2  7193  5495  9627  3249
343 41 Andreas Steffen
 224   0   2  4553 10654  1257  8703
344 41 Andreas Steffen
 225   0   2  7386  1794  2317  7187
345 41 Andreas Steffen
 226  -1   2   307 11685   515  5106
346 41 Andreas Steffen
 227  -2  -2  7122  9559  7718 11755
347 41 Andreas Steffen
 228  -1   2  3466  4578   320  9143
348 41 Andreas Steffen
 229   0   0  5051 11084  5008  1495
349 41 Andreas Steffen
 230   0   2 10973  1782  6396   707
350 41 Andreas Steffen
 231   1   0  1035  6457  5457  9829
351 41 Andreas Steffen
 232   1   2  4754  1143  5864  6112
352 41 Andreas Steffen
 233   0   2  5311  9348  7515  8484
353 41 Andreas Steffen
 234   0   2  3745 10143  2071  5422
354 41 Andreas Steffen
 235   0   0   225 10115   234  5223
355 41 Andreas Steffen
 236   0  -4 12167  3220 10760   156
356 41 Andreas Steffen
 237   0   0  5150  9392  6587  1703
357 41 Andreas Steffen
 238   0   0 11547  8431  3214  9415
358 41 Andreas Steffen
 239   0   0 10851  7709  8050  7538
359 41 Andreas Steffen
 240  -1  -2   874  4765  4964   424
360 41 Andreas Steffen
 241   1  -2 10600  1689   176  6010
361 41 Andreas Steffen
 242   1   0  5997  7556  2161  3323
362 41 Andreas Steffen
 243   0   0 11136  1266  1123  4767
363 41 Andreas Steffen
 244   1   2  8554  2615  8070   708
364 41 Andreas Steffen
 245   0   0  5773   555  5168  7272
365 41 Andreas Steffen
 246   1   0  9508  9446  7790   235
366 41 Andreas Steffen
 247  -1   0  3106  4221  6747  8893
367 41 Andreas Steffen
 248   0  -2   241  6515  5228  7759
368 41 Andreas Steffen
 249   0   0  1974 11662  7592  5613
369 41 Andreas Steffen
 250  -1  -2  3428  1764 10330 11640
370 41 Andreas Steffen
 251   1   0  4655  1942  1732  6215
371 41 Andreas Steffen
 252   0   0 11761  3245  3177   463
372 41 Andreas Steffen
 253   0   2  2542 10529 10352  4798
373 41 Andreas Steffen
 254   0   0 12279  9976  8184  1686
374 41 Andreas Steffen
 255   0   2  3742 10902  6628  4000
375 41 Andreas Steffen
 256  -1   0  6807  3116  6784  5492
376 41 Andreas Steffen
 257   1   0   901  3092  5803  7605
377 41 Andreas Steffen
 258  -1   2  5324  1193 11349  9919
378 41 Andreas Steffen
 259   0   0  2529  2195    55  4199
379 41 Andreas Steffen
 260   0   2   864 12240 10142  1047
380 41 Andreas Steffen
 261   0  -2  1873  5812  8077 11544
381 41 Andreas Steffen
 262   0   2  6561  6540   574  2394
382 41 Andreas Steffen
 263   0   0 11716   386  2798 10004
383 41 Andreas Steffen
 264  -1  -2  9511  6119  7103  8637
384 41 Andreas Steffen
 265   0   0  2030  2719  3742 11400
385 41 Andreas Steffen
 266   0   0  3930  7307  6651   307
386 41 Andreas Steffen
 267   1   0  9365 12108 10182 10128
387 41 Andreas Steffen
 268   0   0  3050  9623   605 10173
388 41 Andreas Steffen
 269  -1  -2  2608  3226  7810  7644
389 41 Andreas Steffen
 270   1   2  1443 10911  8826  9411
390 41 Andreas Steffen
 271   1   2  5348  5689   732  8915
391 41 Andreas Steffen
 272  -1   0 10309  9547  3782  4821
392 41 Andreas Steffen
 273  -1   0  7011  2137   329  5860
393 41 Andreas Steffen
 274   1   0   425   151  3881  1572
394 41 Andreas Steffen
 275  -1  -2  9483  3656  9352  8742
395 41 Andreas Steffen
 276  -1   2   467 11338  1738 10323
396 41 Andreas Steffen
 277   1   0  9537  2935 11057  4262
397 41 Andreas Steffen
 278  -1   2  2982  4478  9997  4813
398 41 Andreas Steffen
 279   0   0  7618  2654   704  6455
399 41 Andreas Steffen
 280   1  -2  6020  6996   514  3587
400 41 Andreas Steffen
 281   0   0   247  2408  9281  7266
401 41 Andreas Steffen
 282   0   0  9312  8448  1433   150
402 41 Andreas Steffen
 283  -1   2  8888   579  2432  2254
403 41 Andreas Steffen
 284   0  -2   680  8265  7767  2316
404 41 Andreas Steffen
 285   0   0 11315  3768  4554  8944
405 41 Andreas Steffen
 286  -1   0  5306  2299  8412  4745
406 41 Andreas Steffen
 287   1   0  7061  9470 10690  5659
407 41 Andreas Steffen
 288   1  -2 12278  9451  2537  6516
408 41 Andreas Steffen
 289  -1  -2  6029  4153  8159   650
409 41 Andreas Steffen
 290   0   0    83  5244   380  3384
410 41 Andreas Steffen
 291   1   0   444  3466  8086   832
411 41 Andreas Steffen
 292   0   2   625 11105  9360  7133
412 41 Andreas Steffen
 293  -1   2 10950  1635  7226  3056
413 41 Andreas Steffen
 294   0   0   601   153  7982  9289
414 41 Andreas Steffen
 295   0   0  4177  5547  8758  3163
415 41 Andreas Steffen
 296   0  -2  8037 12168  6842  3295
416 41 Andreas Steffen
 297   0   2  9675  2582  5677  8555
417 41 Andreas Steffen
 298   0  -4 11275  5739 12176  6910
418 41 Andreas Steffen
 299   0   0  8556   449  9059 11926
419 41 Andreas Steffen
 300   1  -2  7028  8263  4462  1403
420 41 Andreas Steffen
 301   1   0  9851  9816 10642  3504
421 41 Andreas Steffen
 302  -1   0  3040 12216  8553  2913
422 41 Andreas Steffen
 303  -1   4  2910  3848 11681 12110
423 41 Andreas Steffen
 304   1   0  1841 10354  4153  1376
424 41 Andreas Steffen
 305  -1   0 12210  4975  2286  5252
425 41 Andreas Steffen
 306   0   0  8918  9177  1954   260
426 41 Andreas Steffen
 307  -2   0  6909  6209  8913  5854
427 41 Andreas Steffen
 308  -1  -2  6292   703  6706 11879
428 41 Andreas Steffen
 309   1   2 11570 11111  6320  5315
429 41 Andreas Steffen
 310   0   0  5052   592  4939 12069
430 41 Andreas Steffen
 311  -1   0 10922 12185  9127  2630
431 41 Andreas Steffen
 312   0   2  7576 10464  9782  2944
432 41 Andreas Steffen
 313  -1   0  3680   366  4320  8876
433 41 Andreas Steffen
 314   1  -2  1219  3469  6931  5376
434 41 Andreas Steffen
 315   1   0  3550 10768  4531  1823
435 41 Andreas Steffen
 316  -2  -2  1658  7879 11165    95
436 41 Andreas Steffen
 317   0   0  2694  1931  5154  4973
437 41 Andreas Steffen
 318   0   0  1040   460  8549  3732
438 41 Andreas Steffen
 319  -1   0  8606  6308  8514  5351
439 41 Andreas Steffen
 320   0  -2  8549  1116 10216  4590
440 41 Andreas Steffen
 321   0   2  3357  8573  9508  1479
441 41 Andreas Steffen
 322   1  -2  6401  9086  5806   731
442 41 Andreas Steffen
 323   0   4  8810   541  1047 10610
443 41 Andreas Steffen
 324   0   0 12091  1342  9191 11664
444 41 Andreas Steffen
 325  -1  -2  3353  7216  6908  4422
445 41 Andreas Steffen
 326   1  -2  6423  5847  1781  4290
446 41 Andreas Steffen
 327  -1   0  2085  6979  3705 10865
447 41 Andreas Steffen
 328   0   0  4054  9659  7199  5282
448 41 Andreas Steffen
 329   0   0  4131  7411  9499   318
449 41 Andreas Steffen
 330   0   0  4228  5354 10302  4744
450 41 Andreas Steffen
 331   0   0  2544 11482 10185  2500
451 41 Andreas Steffen
 332  -1   0    83  4027 11600   778
452 41 Andreas Steffen
 333   0   2 10980   846  4210 11190
453 41 Andreas Steffen
 334  -1   0  9362  3868   220  7803
454 41 Andreas Steffen
 335  -1   0 11475  1085  1224  2878
455 41 Andreas Steffen
 336  -1   0  5423   164  3901  9840
456 41 Andreas Steffen
 337   0   2  4383  2284 10899  9200
457 41 Andreas Steffen
 338   0   0  3723   899 11100 10702
458 41 Andreas Steffen
 339   1   0  7305  7082  5684 11561
459 41 Andreas Steffen
 340   1   0  2908 11634  2989  2078
460 41 Andreas Steffen
 341   0  -2 10159  3082  8672  8767
461 41 Andreas Steffen
 342   1   2  4147  6030  3925  7103
462 41 Andreas Steffen
 343   0   2  6503  8183  7428  7283
463 41 Andreas Steffen
 344   0  -4  1540  5385  3648  7333
464 41 Andreas Steffen
 345   1   0  6989  2881 10619  8603
465 41 Andreas Steffen
 346   0   0  2902 12009   698  5352
466 41 Andreas Steffen
 347   0  -2  7777  8639  1878  8255
467 41 Andreas Steffen
 348   0  -2  7904  2306  2389 10217
468 41 Andreas Steffen
 349   0   0  3969  2527  9120   558
469 41 Andreas Steffen
 350   0   0   228  8105  1127 10594
470 41 Andreas Steffen
 351   0   0  7932  1438  2928  6326
471 41 Andreas Steffen
 352   0   2  7927 11962  2097  5518
472 41 Andreas Steffen
 353   0   0 11544  2417  5795 10400
473 41 Andreas Steffen
 354   0   0 10459  8131 11956  4921
474 41 Andreas Steffen
 355   0   0   312 11086  5587  7238
475 41 Andreas Steffen
 356   0   0  1452 11546  4140   441
476 41 Andreas Steffen
 357   0  -2  7851  5803  9477   584
477 41 Andreas Steffen
 358   0  -2 11293 10761 10615  6033
478 41 Andreas Steffen
 359   1  -2  2858 11927  9839  5031
479 41 Andreas Steffen
 360  -1   4   359  6204  6880  4866
480 41 Andreas Steffen
 361  -1   0  6279  3716  1209  1677
481 41 Andreas Steffen
 362  -1   2  1054  5481  3774  3606
482 41 Andreas Steffen
 363   0   0  4712  8559  7160  6192
483 41 Andreas Steffen
 364   1   0  6108 11892   260  5014
484 41 Andreas Steffen
 365  -2   0  7497  2298   580 11947
485 41 Andreas Steffen
 366   0  -2   763  7812  2847  3167
486 41 Andreas Steffen
 367   0   0 11981  4945  8923  6657
487 41 Andreas Steffen
 368   0   0  8100  6595 12018  5346
488 41 Andreas Steffen
 369   0  -2  5488  1311 11385  5183
489 41 Andreas Steffen
 370   0   2  1659  5948   912  6562
490 41 Andreas Steffen
 371  -1   0  8633  6154  9146  9371
491 41 Andreas Steffen
 372   1   0   590  1897  5342  1577
492 41 Andreas Steffen
 373   0   0  4566  6636  4267 10810
493 41 Andreas Steffen
 374   0  -2  8598  3136  1723  8798
494 41 Andreas Steffen
 375   0   0  2460  1107 10645 10256
495 41 Andreas Steffen
 376   0   2 11497  3068  5174  2397
496 41 Andreas Steffen
 377   0   0  2749  4923  7543  2680
497 41 Andreas Steffen
 378   1   4  2843  7308  7749   107
498 41 Andreas Steffen
 379  -1   0  9178  8015  8361 10628
499 41 Andreas Steffen
 380   0   0  8418  1085  7030  1309
500 41 Andreas Steffen
 381   0   0  6413  6687  6321  9605
501 41 Andreas Steffen
 382   0   0  7704  9813  2529 12015
502 41 Andreas Steffen
 383   1   0  4353 11345  5846  7362
503 41 Andreas Steffen
 384  -2   0   483   493  7176   887
504 41 Andreas Steffen
 385   0  -2  1964 12124   630 11168
505 41 Andreas Steffen
 386   0  -2 11626  7968 10413 10000
506 41 Andreas Steffen
 387  -1  -2  7600  2425  6332  3104
507 41 Andreas Steffen
 388   0   0  1875 10712  9870  4381
508 41 Andreas Steffen
 389  -1   2  5301  9244  9938  7693
509 41 Andreas Steffen
 390  -1   0  8347  1651  4708 10498
510 41 Andreas Steffen
 391  -1   0  6480  3664  7631  8055
511 41 Andreas Steffen
 392   1   0 11001  4962  3013  1707
512 41 Andreas Steffen
 393  -1   0  9167  5049 12060  7976
513 41 Andreas Steffen
 394   0   0  3871 10432  8889  9207
514 41 Andreas Steffen
 395   0   2  1900  1335  3063  7210
515 41 Andreas Steffen
 396   0   0  3446  5082 11819 11075
516 41 Andreas Steffen
 397  -1   0  9621 12019  8735  5657
517 41 Andreas Steffen
 398   0   2 10282  5977  5889  6091
518 41 Andreas Steffen
 399   0  -2  6899 10659 10654  7201
519 41 Andreas Steffen
 400   0  -2  8828 11918   530 10532
520 41 Andreas Steffen
 401   0   0  5889  5235  1426  1505
521 41 Andreas Steffen
 402   0   2 10499 11288  6888 11079
522 41 Andreas Steffen
 403   0  -2  6758 11300  3460  9527
523 41 Andreas Steffen
 404   0   2 10492  4626  9496   103
524 41 Andreas Steffen
 405   1   0  4071  5214  9330  5418
525 41 Andreas Steffen
 406   0   4  4344  5575  3054  6479
526 41 Andreas Steffen
 407   0  -2  3367   988  6366 11176
527 41 Andreas Steffen
 408  -1   0  7382  6520  1529  9724
528 41 Andreas Steffen
 409   0   0  7638  6486  4438  2460
529 41 Andreas Steffen
 410   0  -2  1148  9873  8821  1975
530 41 Andreas Steffen
 411   0   0  6283  5276 11948  5257
531 41 Andreas Steffen
 412   0   2  2366  6232 10434  9810
532 41 Andreas Steffen
 413   1   0  3431  2686  4540  2454
533 41 Andreas Steffen
 414   1   0  4532  5476 11629  4946
534 41 Andreas Steffen
 415   0   0  5428  8846   483  4258
535 41 Andreas Steffen
 416   0   4  2795  1320  8114  5350
536 41 Andreas Steffen
 417   0   2  2510 12017  2768  5050
537 41 Andreas Steffen
 418   0  -2  2406  2440  2740  6750
538 41 Andreas Steffen
 419   0   2 10282  1086   809 10400
539 41 Andreas Steffen
 420   0   0  8477  8393  3405 10159
540 41 Andreas Steffen
 421  -1   0  7203  5025   387  6339
541 41 Andreas Steffen
 422   0   0  1510    42  3061  5047
542 41 Andreas Steffen
 423   1   0  8899  1346  3963  3518
543 41 Andreas Steffen
 424   0   0  7690  4485  2532  6815
544 41 Andreas Steffen
 425   0  -2  2210 11591  2890  4503
545 41 Andreas Steffen
 426   0   0  2367  8826  8001 12127
546 41 Andreas Steffen
 427   1   2 10596  8314  7863 12185
547 41 Andreas Steffen
 428  -1  -2  6039 10099  5011  6333
548 41 Andreas Steffen
 429  -1  -2  7353  8641  6623   965
549 41 Andreas Steffen
 430   0   0  3054  6816  5283  7438
550 41 Andreas Steffen
 431  -1   0  9421  5919  7903 11491
551 41 Andreas Steffen
 432   0   0  5202 11236 11135  6875
552 41 Andreas Steffen
 433   1   0 10469  3625  5140 11409
553 41 Andreas Steffen
 434  -1   0  6457  3420  1289  3087
554 41 Andreas Steffen
 435   0   0  4981  7584  3667  8992
555 41 Andreas Steffen
 436   0   0  2486  9323  5488  6760
556 41 Andreas Steffen
 437   0  -2 10800  9052 10347  4450
557 41 Andreas Steffen
 438   1   0  1546  5976  6208 10283
558 41 Andreas Steffen
 439  -1   0 10050  8648  5275  3907
559 41 Andreas Steffen
 440   1   4 10633  8816  8122  7347
560 41 Andreas Steffen
 441  -1   0  8730  5232 12281  4754
561 41 Andreas Steffen
 442   1   2  4288  4871  6784 12192
562 41 Andreas Steffen
 443   1   0  9297  9950  4775  2378
563 41 Andreas Steffen
 444   1   2  1069   209 11331   995
564 41 Andreas Steffen
 445   0   0  7851  6881  6175  5523
565 41 Andreas Steffen
 446   0   0  5388  6671  4672  1421
566 41 Andreas Steffen
 447   0  -2 10231  5133  2309  5799
567 41 Andreas Steffen
 448  -1   0   153  9835  5074  5216
568 41 Andreas Steffen
 449   0   0 11934  2437  7339 11818
569 41 Andreas Steffen
 450  -1   0  8801  8789    48 11348
570 41 Andreas Steffen
 451   0   2  6042   987  8243 10106
571 41 Andreas Steffen
 452  -2   0 10333  2589  4798  6818
572 41 Andreas Steffen
 453  -1   0  6545  9349  9453  2743
573 41 Andreas Steffen
 454  -1  -2  4195  9643  9110 11013
574 41 Andreas Steffen
 455   0  -2  6640   357 11133  9945
575 41 Andreas Steffen
 456  -1   0 11534  6683 11405    44
576 41 Andreas Steffen
 457   0   0  7142  5256  9490 10584
577 41 Andreas Steffen
 458   0   0  7200  2149  3622  9014
578 41 Andreas Steffen
 459   0   0  7165  7039 10762  7156
579 41 Andreas Steffen
 460   1   2  8215  7133 10600  1285
580 41 Andreas Steffen
 461   2  -2 11301 10333  7383   769
581 41 Andreas Steffen
 462  -1   0  5004 10864  3139  1300
582 41 Andreas Steffen
 463   1   0 11040  3075 10760 11733
583 41 Andreas Steffen
 464   0  -2  6614  8230  3156  2279
584 41 Andreas Steffen
 465   0   0  3877  7182 10115 11440
585 41 Andreas Steffen
 466  -1   0  2357  2232  4764  2711
586 41 Andreas Steffen
 467   1  -2  3295  2363  2758  2045
587 41 Andreas Steffen
 468   0   0  8589   865  2917  2518
588 41 Andreas Steffen
 469   0   2  2772  2928  3650  6641
589 41 Andreas Steffen
 470   0   0  5177  2183  7996  8414
590 41 Andreas Steffen
 471   1  -2  6874  9197  8865  8729
591 41 Andreas Steffen
 472  -2   0  7827 11526 10909  1548
592 41 Andreas Steffen
 473   0  -2 11766  8236  6451  5159
593 41 Andreas Steffen
 474   0   2 10634  8707  6140  7148
594 41 Andreas Steffen
 475  -1   0   613  1770  4832  8487
595 41 Andreas Steffen
 476   1   2  4973  1080 10080  8202
596 41 Andreas Steffen
 477   0   0 11955  4174   873  1699
597 41 Andreas Steffen
 478  -1  -2 10831   993  6778  8348
598 41 Andreas Steffen
 479   1   0  5558  5835  7067  4186
599 41 Andreas Steffen
 480   0  -2  2702  3993  6392  6043
600 41 Andreas Steffen
 481  -1   0 12069  1685  1987  4574
601 41 Andreas Steffen
 482  -1  -2 10029  9050  6174 10299
602 41 Andreas Steffen
 483  -1   0  9883  8157 10233  1321
603 41 Andreas Steffen
 484   1   2  4512  7252  6080   699
604 41 Andreas Steffen
 485   0   0  5562   756  5195 11922
605 41 Andreas Steffen
 486   0   0  3388  2386 11462  7782
606 41 Andreas Steffen
 487   0   0  8847 11806 10279  2981
607 41 Andreas Steffen
 488   2   0  4206  9692  7466  3513
608 41 Andreas Steffen
 489   1   2 10165 11806  9176 10260
609 41 Andreas Steffen
 490   0   0  1657 11469 12267    30
610 41 Andreas Steffen
 491   0   0 10457 11636   606   319
611 41 Andreas Steffen
 492   1   0  2806  9200  7521  1752
612 41 Andreas Steffen
 493   0   0  1874  5675 11192  6546
613 41 Andreas Steffen
 494   0   2   874  5094 11842  7809
614 41 Andreas Steffen
 495  -1   0   760 12102  5115 10093
615 41 Andreas Steffen
 496  -1   0  1626  4185  9898  2052
616 41 Andreas Steffen
 497  -1   2 11878  8847  8718 11044
617 41 Andreas Steffen
 498  -1   0   952  2338  1103 11254
618 41 Andreas Steffen
 499   1  -2  2558 10638  3234  3355
619 41 Andreas Steffen
 500  -1   0  8556 11033  5603  1199
620 41 Andreas Steffen
 501   0   0  5848  7063 11603  6796
621 41 Andreas Steffen
 502   0   2  7859  2289  1071  7667
622 41 Andreas Steffen
 503   0   0  7909  7745  9517  9120
623 41 Andreas Steffen
 504   0   0  7307  3801   992  4019
624 41 Andreas Steffen
 505   0   2  4268  2937  3718  1290
625 41 Andreas Steffen
 506   0   0  7878 10639   121 12207
626 41 Andreas Steffen
 507   0  -2  9470  8437 10821  3280
627 41 Andreas Steffen
 508  -1   0  8213  9197  7737  8475
628 41 Andreas Steffen
 509  -1  -2 10700  6041  8143  5205
629 41 Andreas Steffen
 510  -1   0   344  5879  1943  2793
630 41 Andreas Steffen
 511   1   0 10325  7270  3760  2198
631 4 Andreas Steffen
</pre>
632 4 Andreas Steffen
Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
633 4 Andreas Steffen
<pre>
634 41 Andreas Steffen
S1[374] is zero - s1 is not invertible
635 7 Andreas Steffen
</pre>
636 10 Andreas Steffen
and another trial run is started.
637 7 Andreas Steffen
638 7 Andreas Steffen
h2. BLISS Root CA Certificate Generation
639 7 Andreas Steffen
640 21 Andreas Steffen
A self-signed BLISS CA certificate can be generated with the following command
641 7 Andreas Steffen
<pre>
642 49 Andreas Steffen
pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --digest sha512 --debug 2 --outform pem > cacert4.pem
643 48 Andreas Steffen
</pre>
644 7 Andreas Steffen
645 48 Andreas Steffen
The BLISS private key is read and parsed
646 48 Andreas Steffen
<pre>
647 7 Andreas Steffen
  file content is not binary ASN.1
648 7 Andreas Steffen
  -----BEGIN BLISS PRIVATE KEY-----
649 7 Andreas Steffen
  -----END BLISS PRIVATE KEY-----
650 7 Andreas Steffen
651 7 Andreas Steffen
L0 - BLISSPrivateKey:
652 1 Andreas Steffen
L1 - keyType:
653 48 Andreas Steffen
  'BLISS-B-IV'
654 7 Andreas Steffen
L1 - public:
655 7 Andreas Steffen
L1 - secret1:
656 7 Andreas Steffen
L1 - secret2:
657 7 Andreas Steffen
L0 - subjectPublicKeyInfo:
658 7 Andreas Steffen
L1 - algorithm:
659 7 Andreas Steffen
L2 - algorithmIdentifier:
660 1 Andreas Steffen
L3 - algorithm:
661 7 Andreas Steffen
  'blissPublicKey'
662 1 Andreas Steffen
L3 - parameters:
663 1 Andreas Steffen
L4 - blissKeyType:
664 48 Andreas Steffen
  'BLISS-B-IV'
665 1 Andreas Steffen
L1 - subjectPublicKey:
666 48 Andreas Steffen
</pre>
667 1 Andreas Steffen
668 49 Andreas Steffen
First signature round:
669 48 Andreas Steffen
<pre>
670 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
671 49 Andreas Steffen
y1 = -937..665 (sigma2 = 71312, mean =  6.0)
672 49 Andreas Steffen
y2 = -961..788 (sigma2 = 78187, mean = 11.3)
673 1 Andreas Steffen
674 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
675 1 Andreas Steffen
mgf1 generated 64 octets
676 1 Andreas Steffen
677 49 Andreas Steffen
norm2(s1*c') + norm2(s2*c') = 54394 (69576 max), accepted
678 49 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 121971, rejected
679 49 Andreas Steffen
680 49 Andreas Steffen
mgf1 generated 10112 octets
681 1 Andreas Steffen
</pre>
682 1 Andreas Steffen
683 49 Andreas Steffen
Second signature round:
684 1 Andreas Steffen
<pre>
685 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
686 49 Andreas Steffen
y1 = -809..845 (sigma2 = 68853, mean = -6.4)
687 49 Andreas Steffen
y2 = -758..716 (sigma2 = 69034, mean = -19.2)
688 49 Andreas Steffen
</pre>
689 1 Andreas Steffen
690 50 Andreas Steffen
Random oracle based on MGF1 and SHA-512 generates &kappa; = 39 non-zero c_indices:
691 49 Andreas Steffen
<pre>
692 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
693 49 Andreas Steffen
694 49 Andreas Steffen
 i  c_index[i]
695 49 Andreas Steffen
 0      482
696 49 Andreas Steffen
 1      309
697 49 Andreas Steffen
 2       98
698 49 Andreas Steffen
 3      333
699 49 Andreas Steffen
 4      472
700 49 Andreas Steffen
 5       55
701 49 Andreas Steffen
 6      218
702 49 Andreas Steffen
 7      142
703 49 Andreas Steffen
 8      221
704 49 Andreas Steffen
 9      175
705 49 Andreas Steffen
10      387
706 49 Andreas Steffen
11      443
707 49 Andreas Steffen
12      225
708 49 Andreas Steffen
13       96
709 49 Andreas Steffen
14      316
710 49 Andreas Steffen
15      359
711 49 Andreas Steffen
16      394
712 49 Andreas Steffen
17      307
713 49 Andreas Steffen
18      144
714 49 Andreas Steffen
19      420
715 49 Andreas Steffen
20       37
716 49 Andreas Steffen
21      146
717 49 Andreas Steffen
22       45
718 49 Andreas Steffen
23      171
719 49 Andreas Steffen
24      240
720 49 Andreas Steffen
25      471
721 49 Andreas Steffen
26      323
722 49 Andreas Steffen
27       49
723 49 Andreas Steffen
28       29
724 49 Andreas Steffen
29       78
725 49 Andreas Steffen
30      377
726 49 Andreas Steffen
31      462
727 49 Andreas Steffen
32      473
728 49 Andreas Steffen
33       15
729 49 Andreas Steffen
34      351
730 49 Andreas Steffen
35       77
731 49 Andreas Steffen
36       35
732 49 Andreas Steffen
37      449
733 49 Andreas Steffen
38      424
734 49 Andreas Steffen
735 51 Andreas Steffen
41  index trials
736 48 Andreas Steffen
mgf1 generated 64 octets
737 49 Andreas Steffen
</pre>
738 48 Andreas Steffen
739 50 Andreas Steffen
<pre>
740 49 Andreas Steffen
norm2(s1*c') + norm2(s2*c') = 52674 (69576 max), accepted
741 49 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 15806, accepted
742 1 Andreas Steffen
743 49 Andreas Steffen
z1 = -811..853, z2d = -3..3
744 49 Andreas Steffen
745 49 Andreas Steffen
efficiency of Huffman coder is 3.3340 bits/tuple (1707 bits)
746 49 Andreas Steffen
generated BLISS signature (6666 bits encoded in 834 bytes)
747 10 Andreas Steffen
signature generation needed 2 rounds
748 48 Andreas Steffen
749 49 Andreas Steffen
mgf1 generated 10240 octets
750 48 Andreas Steffen
</pre>
751 1 Andreas Steffen
752 1 Andreas Steffen
With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process often requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
753 1 Andreas Steffen
754 10 Andreas Steffen
A BLISS certificate can be displayed at any time with
755 10 Andreas Steffen
<pre>
756 10 Andreas Steffen
pki --print --debug 2 --in cacert4.pem
757 10 Andreas Steffen
758 49 Andreas Steffen
  file content is not binary ASN.1
759 49 Andreas Steffen
  -----BEGIN CERTIFICATE-----
760 49 Andreas Steffen
  -----END CERTIFICATE-----
761 49 Andreas Steffen
762 11 Andreas Steffen
L0 - x509:
763 10 Andreas Steffen
L1 - tbsCertificate:
764 42 Andreas Steffen
L2 - DEFAULT v1:
765 11 Andreas Steffen
L3 - version:
766 10 Andreas Steffen
  X.509v3
767 42 Andreas Steffen
L2 - serialNumber:
768 1 Andreas Steffen
L2 - signature:
769 1 Andreas Steffen
L3 - algorithmIdentifier:
770 1 Andreas Steffen
L4 - algorithm:
771 1 Andreas Steffen
  'BLISS-with-SHA512'
772 42 Andreas Steffen
L2 - issuer:
773 42 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
774 42 Andreas Steffen
L2 - validity:
775 42 Andreas Steffen
L3 - notBefore:
776 42 Andreas Steffen
L4 - utcTime:
777 49 Andreas Steffen
  'Jul 28 10:10:44 UTC 2015'
778 1 Andreas Steffen
L3 - notAfter:
779 42 Andreas Steffen
L4 - utcTime:
780 49 Andreas Steffen
  'Jul 28 10:10:44 UTC 2025'
781 42 Andreas Steffen
L2 - subject:
782 42 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
783 42 Andreas Steffen
L2 - subjectPublicKeyInfo:
784 42 Andreas Steffen
-- > --
785 42 Andreas Steffen
L0 - subjectPublicKeyInfo:
786 42 Andreas Steffen
L1 - algorithm:
787 42 Andreas Steffen
L2 - algorithmIdentifier:
788 1 Andreas Steffen
L3 - algorithm:
789 11 Andreas Steffen
  'blissPublicKey'
790 11 Andreas Steffen
L3 - parameters:
791 1 Andreas Steffen
L0 - subjectPublicKeyInfo:
792 11 Andreas Steffen
L1 - algorithm:
793 1 Andreas Steffen
L2 - algorithmIdentifier:
794 1 Andreas Steffen
L3 - algorithm:
795 11 Andreas Steffen
  'blissPublicKey'
796 1 Andreas Steffen
L3 - parameters:
797 11 Andreas Steffen
L4 - blissKeyType:
798 49 Andreas Steffen
  'BLISS-B-IV'
799 10 Andreas Steffen
L1 - subjectPublicKey:
800 1 Andreas Steffen
-- < --
801 1 Andreas Steffen
L2 - optional extensions:
802 1 Andreas Steffen
L3 - extensions:
803 1 Andreas Steffen
L4 - extension:
804 10 Andreas Steffen
L5 - extnID:
805 11 Andreas Steffen
  'basicConstraints'
806 10 Andreas Steffen
L5 - critical:
807 10 Andreas Steffen
  TRUE
808 12 Andreas Steffen
L5 - extnValue:
809 12 Andreas Steffen
L6 - basicConstraints:
810 1 Andreas Steffen
L7 - CA:
811 11 Andreas Steffen
  TRUE
812 1 Andreas Steffen
L4 - extension:
813 1 Andreas Steffen
L5 - extnID:
814 1 Andreas Steffen
  'keyUsage'
815 1 Andreas Steffen
L5 - critical:
816 1 Andreas Steffen
  TRUE
817 1 Andreas Steffen
L5 - extnValue:
818 11 Andreas Steffen
L4 - extension:
819 11 Andreas Steffen
L5 - extnID:
820 10 Andreas Steffen
  'subjectKeyIdentifier'
821 10 Andreas Steffen
L5 - critical:
822 21 Andreas Steffen
  FALSE
823 10 Andreas Steffen
L5 - extnValue:
824 13 Andreas Steffen
L6 - keyIdentifier:
825 11 Andreas Steffen
L1 - signatureAlgorithm:
826 42 Andreas Steffen
L2 - algorithmIdentifier:
827 12 Andreas Steffen
L3 - algorithm:
828 12 Andreas Steffen
  'BLISS-with-SHA512'
829 11 Andreas Steffen
L1 - signatureValue:
830 1 Andreas Steffen
831 49 Andreas Steffen
z1 = -811..853, z2d = -3..3
832 42 Andreas Steffen
833 49 Andreas Steffen
mgf1 based on sha512 is seeded with 1088 octets
834 49 Andreas Steffen
mgf1 generated 64 octets
835 49 Andreas Steffen
836 1 Andreas Steffen
cert:      X509
837 42 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
838 42 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
839 49 Andreas Steffen
validity:  not before Jul 28 12:10:44 2015, ok
840 49 Andreas Steffen
           not after  Jul 28 12:10:44 2025, ok (expires in 3652 days)
841 49 Andreas Steffen
serial:    7b:79:fb:00:a5:f6:c8:47
842 12 Andreas Steffen
flags:     CA CRLSign self-signed 
843 12 Andreas Steffen
subjkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
844 12 Andreas Steffen
pubkey:    BLISS 192 bits strength
845 12 Andreas Steffen
keyid:     1c:a7:5c:94:d1:ee:f6:c7:94:21:18:e5:ef:89:b3:c3:64:42:24:97
846 12 Andreas Steffen
subjkey:   47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
847 42 Andreas Steffen
</pre>
848 12 Andreas Steffen
849 12 Andreas Steffen
h2. BLISS End Entity Certificate Generation
850 12 Andreas Steffen
851 12 Andreas Steffen
We are now going to generate a BLISS-I key pair for user Carol:
852 12 Andreas Steffen
<pre>
853 13 Andreas Steffen
pki --gen --type bliss --size 1 > carolKey.der
854 12 Andreas Steffen
855 12 Andreas Steffen
secret key generation succeeded after 1 trial
856 12 Andreas Steffen
</pre>
857 13 Andreas Steffen
Next we create a self-signed PKCS#10 certificate request
858 12 Andreas Steffen
<pre>
859 12 Andreas Steffen
 pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
860 12 Andreas Steffen
</pre>
861 12 Andreas Steffen
which is used as the input for the CA to create a signed end entity certificate:
862 12 Andreas Steffen
<pre>
863 1 Andreas Steffen
 pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
864 42 Andreas Steffen
</pre>
865 42 Andreas Steffen
and which has the following content
866 42 Andreas Steffen
<pre>
867 1 Andreas Steffen
pki --print --in carolCert.der
868 42 Andreas Steffen
869 12 Andreas Steffen
cert:      X509
870 42 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
871 42 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
872 12 Andreas Steffen
validity:  not before Mar 15 18:04:00 2015, ok
873 42 Andreas Steffen
           not after  Mar 14 18:04:00 2018, ok (expires in 1094 days)
874 42 Andreas Steffen
serial:    43:63:44:f0:7f:2f:aa:dc
875 13 Andreas Steffen
altNames:  carol@strongswan.org
876 13 Andreas Steffen
flags:     clientAuth 
877 36 Andreas Steffen
CRL URIs:  http://crl.strongswan.org/bliss.crl
878 15 Andreas Steffen
authkeyId: 47:bd:9e:5e:a8:58:ce:60:14:73:f3:54:7c:e8:28:10:7b:e6:c7:65
879 15 Andreas Steffen
subjkeyId: cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
880 14 Andreas Steffen
pubkey:    BLISS 128 bits strength
881 14 Andreas Steffen
keyid:     f5:0e:6e:0c:4c:65:ac:03:41:bf:5c:9f:26:d5:52:dc:87:6b:3d:15
882 14 Andreas Steffen
subjkey:   cb:b5:c3:d5:00:ba:bb:90:ec:80:99:05:68:72:ae:3b:04:f8:9b:5f
883 43 Andreas Steffen
</pre>
884 43 Andreas Steffen
885 43 Andreas Steffen
h2. IKEv2 Public Key Authentication using BLISS Signatures
886 43 Andreas Steffen
887 43 Andreas Steffen
The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
888 43 Andreas Steffen
889 43 Andreas Steffen
IKE_AUTH Request
890 43 Andreas Steffen
<pre>
891 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
892 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[IKE] establishing CHILD_SA home
893 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
894 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
895 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
896 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
897 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
898 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
899 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
900 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
901 43 Andreas Steffen
</pre>
902 43 Andreas Steffen
903 43 Andreas Steffen
IKE_AUTH Response
904 43 Andreas Steffen
<pre>
905 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
906 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
907 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] received fragment #1 of 3, waiting for complete IKE message
908 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
909 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] parsed IKE_AUTH response 1 [ EF ]
910 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 14[ENC] received fragment #2 of 3, waiting for complete IKE message
911 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (580 bytes)
912 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
913 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
914 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
915 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
916 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
917 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
918 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
919 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
920 15 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
921 14 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
922 1 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   crl is valid: until Apr 14 11:08:14 2015
923 1 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG] certificate status is good
924 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
925 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS_WITH_SHA512 successful
926 43 Andreas Steffen
Mar 15 12:18:03 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
927 43 Andreas Steffen
</pre>
928 1 Andreas Steffen
BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
929 1 Andreas Steffen
930 1 Andreas Steffen
IKE_SA_INIT Request
931 1 Andreas Steffen
<pre>
932 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
933 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
934 16 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) V ]
935 19 Andreas Steffen
Mar 15 12:18:03 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (829 bytes)
936 19 Andreas Steffen
</pre>
937 35 Andreas Steffen
938 1 Andreas Steffen
h2. Design Details on BLISS Signatures
939 35 Andreas Steffen
940 33 Andreas Steffen
* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
941 34 Andreas Steffen
942 34 Andreas Steffen
* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
943 34 Andreas Steffen
944 1 Andreas Steffen
* Measured BLISS Signature Size*
945 35 Andreas Steffen
946 35 Andreas Steffen
  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
947 23 Andreas Steffen
  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
948 23 Andreas Steffen
  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
949 23 Andreas Steffen
  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
950 26 Andreas Steffen
951 26 Andreas Steffen
  *statistics based on a measurement set of 50 signatures, each
952 26 Andreas Steffen
953 26 Andreas Steffen
h2. ASN.1 Syntax
954 26 Andreas Steffen
955 26 Andreas Steffen
h3. Object Identifiers
956 26 Andreas Steffen
957 26 Andreas Steffen
<pre>
958 43 Andreas Steffen
id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
959 43 Andreas Steffen
960 43 Andreas Steffen
keyType { id-bliss 1 }
961 43 Andreas Steffen
962 43 Andreas Steffen
blissPublicKey { keyType 1 }
963 43 Andreas Steffen
964 43 Andreas Steffen
parameters { id-bliss 2 }
965 43 Andreas Steffen
966 26 Andreas Steffen
bliss-I     = { parameters 1 }
967 27 Andreas Steffen
bliss-II    = { parameters 2 }
968 26 Andreas Steffen
bliss-III   = { parameters 3 }
969 27 Andreas Steffen
bliss-IV    = { parameters 4 }
970 47 Andreas Steffen
bliss-B-I   = { parameters 5 }
971 47 Andreas Steffen
bliss-B-II  = { parameters 6 }
972 23 Andreas Steffen
bliss-B-III = { parameters 7 }
973 23 Andreas Steffen
bliss-B-IV  = { parameters 8 }
974 23 Andreas Steffen
975 23 Andreas Steffen
blissSigType = { id-bliss 3 }
976 27 Andreas Steffen
977 56 Andreas Steffen
blissWithSha2-512 = { blissSigType 1 }
978 56 Andreas Steffen
blissWithSha2-384 = { blissSigType 2 }
979 56 Andreas Steffen
blissWithSha2-256 = { blissSigType 3 }
980 55 Andreas Steffen
blissWithSha3-512 = { blissSigType 4 }
981 55 Andreas Steffen
blissWithSha3-384 = { blissSigType 5 }
982 55 Andreas Steffen
blissWithSha3-256 = { blissSigType 6 }
983 55 Andreas Steffen
984 23 Andreas Steffen
</pre>
985 23 Andreas Steffen
986 29 Andreas Steffen
h3. BLISS Private Key
987 1 Andreas Steffen
988 44 Andreas Steffen
<pre>
989 29 Andreas Steffen
BlissPrivateKey  ::= SEQUENCE {
990 1 Andreas Steffen
    parameter OBJECT IDENTIFIER,
991 28 Andreas Steffen
    public    BIT STRING, -- A
992 28 Andreas Steffen
    secret1   BIT STRING, -- s1
993 28 Andreas Steffen
    secret2   BIT STRING  -- s2 }
994 1 Andreas Steffen
</pre>
995 28 Andreas Steffen
996 28 Andreas Steffen
As *parameter* one of the BLISS parameters OIDs *bliss-B-I* .. *bliss-B-IV* is used.
997 28 Andreas Steffen
998 23 Andreas Steffen
h3. BLISS Public Key
999 1 Andreas Steffen
1000 30 Andreas Steffen
<pre>
1001 23 Andreas Steffen
SubjectPublicKeyInfo  ::=  SEQUENCE  {
1002 44 Andreas Steffen
    algorithm         AlgorithmIdentifier,
1003 45 Andreas Steffen
    subjectPublicKey  BIT STRING  }
1004 45 Andreas Steffen
1005 45 Andreas Steffen
AlgorithmIdentifier  ::=  SEQUENCE  {
1006 46 Andreas Steffen
    algorithm         OBJECT IDENTIFIER,
1007 46 Andreas Steffen
    parameters        OBJECT IDENTIFER }
1008 45 Andreas Steffen
</pre>
1009 1 Andreas Steffen
1010 1 Andreas Steffen
As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *bliss-B-I* .. *bliss-B-IV*. 
1011 1 Andreas Steffen
1012 1 Andreas Steffen
h2. References
1013 1 Andreas Steffen
1014 1 Andreas Steffen
* "BLISS Home":http://bliss.di.ens.fr/ at ENS (École Normale Supérieure)
1015 1 Andreas Steffen
1016 1 Andreas Steffen
* "Practical Lattice-based Digital Signature Schemes":http://csrc.nist.gov/groups/ST/post-quantum-2015/presentations/session9-oneill-maire.pdf, NIST Workshop on Cybersecurity in a Post-Quantum World
1017 1 Andreas Steffen