BLISS: Bimodal Lattice Signature Schemes

On this page, you can find a proof-of-concept implementation of the BLISS cryptosystem as described in the article

L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice Signatures and Bimodal Gaussians

published at CRYPTO 2013.

Download the Implementation

This implementation in C++ requires NTL and is strictly a research-oriented implementation; therefore it contains numerous debugging hooks or dirty hacks, the configurations variables are hard-coded and there is no documentation. Consequently, this ugly code should not be considered as a source of shame or embarrassment for the authors.

This academic implementation is NOT to be used, not to be considered secured nor pretty code. However we publish it under CeCILL license as a way to support code-sharing and to allow the community to verify easily both the correctness and the efficiency of this signature scheme.

If you have any questions regarding the implementation or if you are interested by an efficient and secure implementation of BLISS, please contact us at

Improvement of BLISS: BLISS-B

A amelioration of BLISS called BLISS-B is described in L. Ducas, Accelerating Bliss: the geometry of ternary polynomials, preserves all the security of BLISS while speeding up the key generation by a factor 5 to 10 and the signing by a factor 2 to 3.

BLISS in strongSwan

A production-grade open source C implementation of the BLISS and BLISS-B signature schemes by the strongSwan VPN project:

Software applications can use the libstrongswan library with the bliss plugin to do BLISS signature generation and verification. The stand-alone strongSwan pki command allows to generate BLISS key pairs and X.509 BLISS certificates.

FPGA Implementation

An FPGA implementation is described in T. Poppelmann, L. Ducas, T. Guneysu, Enhanced Lattice-Based Signatures on Reconfigurable Hardware and available at