Fast polynomial inversion for post quantum QC-MDPC cryptography

Nir Drucker, Shay Gueron, Dusan Kostic

Research output: Contribution to journal › Article › peer-review

Abstract

New post-quantum Key Encapsulation Mechanism (KEM) designs, evaluated as part of the NIST PQC standardization project, pose challenging tradeoffs between communication bandwidth and computational overhead. Several KEM designs evaluated in Round 2 of the project are based on QC-MDPC codes. BIKE-2 uses the smallest communication bandwidth, but its key generation requires a costly polynomial inversion. In this paper, we provide details on the optimized polynomial inversion algorithm for QC-MDPC codes (originally proposed in the conference version of this work). This algorithm makes the runtime of BIKE-2 key generation tolerable. It brings a speedup of 11.4× over the commonly used NTL library, and 83.5× over OpenSSL. We achieve additional speedups by leveraging Intel's latest Vector-PCLMULQDQ instructions: 14.3× over NTL and 103.9× over OpenSSL. Our algorithm and implementation were the reason that the BIKE team chose BIKE-2 as the only scheme for its Round-3 specification (now called BIKE).

Original language: English
Article number: 104799
Journal: Information and Computation
Volume: 281
DOIs
State: Published - Dec 2021

Bibliographical note

Funding Information:
This research was partly supported by: NSF-BSF Grant 2018640; the BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office.

Publisher Copyright:
© 2021 The Authors

Keywords

  • BIKE
  • Constant-time algorithm
  • Constant-time implementation
  • NIST PQC round-3
  • Polynomial inversion
  • QC-MDPC codes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics
