On Constant-Time QC-MDPC decoders with negligible failure rate

Nir Drucker; Shay Gueron; Dusan Kostic

doi:10.1007/978-3-030-54074-6_4

On Constant-Time QC-MDPC decoders with negligible failure rate

Nir Drucker, Shay Gueron, Dusan Kostic

Department of Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder’s DFR as a function of the scheme’s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.

Original language	English
Title of host publication	Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers
Editors	Marco Baldi, Paolo Santini, Edoardo Persichetti
Publisher	Springer
Pages	50-79
Number of pages	30
ISBN (Print)	9783030540739
DOIs	https://doi.org/10.1007/978-3-030-54074-6_4
State	Published - 2020
Event	8th International Workshop on Code-Based Cryptography, CBCrypto 2020 - Zagreb, Croatia Duration: 9 May 2020 → 10 May 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12087 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th International Workshop on Code-Based Cryptography, CBCrypto 2020
Country/Territory	Croatia
City	Zagreb
Period	9/05/20 → 10/05/20

Bibliographical note

Funding Information:
This research was partly supported by: NSF-BSF Grant 2018640; The BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.

Publisher Copyright:
© Springer Nature Switzerland AG 2020.

Keywords

BIKE
Constant-time algorithm
Constant-time implementation
IND-CCA
QC-MDPC codes

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science (all)

Access to Document

10.1007/978-3-030-54074-6_4

Cite this

Drucker, N., Gueron, S., & Kostic, D. (2020). On Constant-Time QC-MDPC decoders with negligible failure rate. In M. Baldi, P. Santini, & E. Persichetti (Eds.), Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers (pp. 50-79). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12087 LNCS). Springer. https://doi.org/10.1007/978-3-030-54074-6_4

Drucker, Nir ; Gueron, Shay ; Kostic, Dusan. / On Constant-Time QC-MDPC decoders with negligible failure rate. Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers. editor / Marco Baldi ; Paolo Santini ; Edoardo Persichetti. Springer, 2020. pp. 50-79 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c4e1be398dd34c5ca28e87b632a5cd0d,

title = "On Constant-Time QC-MDPC decoders with negligible failure rate",

abstract = "The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder{\textquoteright}s DFR as a function of the scheme{\textquoteright}s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.",

keywords = "BIKE, Constant-time algorithm, Constant-time implementation, IND-CCA, QC-MDPC codes",

author = "Nir Drucker and Shay Gueron and Dusan Kostic",

note = "Funding Information: This research was partly supported by: NSF-BSF Grant 2018640; The BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Directorate in the Prime Minister{\textquoteright}s Office. Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 8th International Workshop on Code-Based Cryptography, CBCrypto 2020 ; Conference date: 09-05-2020 Through 10-05-2020",

year = "2020",

doi = "10.1007/978-3-030-54074-6_4",

language = "English",

isbn = "9783030540739",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "50--79",

editor = "Marco Baldi and Paolo Santini and Edoardo Persichetti",

booktitle = "Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers",

address = "Germany",

}

Drucker, N, Gueron, S & Kostic, D 2020, On Constant-Time QC-MDPC decoders with negligible failure rate. in M Baldi, P Santini & E Persichetti (eds), Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12087 LNCS, Springer, pp. 50-79, 8th International Workshop on Code-Based Cryptography, CBCrypto 2020, Zagreb, Croatia, 9/05/20. https://doi.org/10.1007/978-3-030-54074-6_4

On Constant-Time QC-MDPC decoders with negligible failure rate. / Drucker, Nir; Gueron, Shay; Kostic, Dusan.

Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers. ed. / Marco Baldi; Paolo Santini; Edoardo Persichetti. Springer, 2020. p. 50-79 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12087 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On Constant-Time QC-MDPC decoders with negligible failure rate

AU - Drucker, Nir

AU - Gueron, Shay

AU - Kostic, Dusan

N1 - Funding Information: This research was partly supported by: NSF-BSF Grant 2018640; The BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office. Publisher Copyright: © Springer Nature Switzerland AG 2020.

PY - 2020

Y1 - 2020

N2 - The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder’s DFR as a function of the scheme’s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.

AB - The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder’s DFR as a function of the scheme’s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.

KW - BIKE

KW - Constant-time algorithm

KW - Constant-time implementation

KW - IND-CCA

KW - QC-MDPC codes

UR - http://www.scopus.com/inward/record.url?scp=85089317572&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-54074-6_4

DO - 10.1007/978-3-030-54074-6_4

M3 - Conference contribution

AN - SCOPUS:85089317572

SN - 9783030540739

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 50

EP - 79

BT - Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers

A2 - Baldi, Marco

A2 - Santini, Paolo

A2 - Persichetti, Edoardo

PB - Springer

T2 - 8th International Workshop on Code-Based Cryptography, CBCrypto 2020

Y2 - 9 May 2020 through 10 May 2020

ER -

Drucker N, Gueron S, Kostic D. On Constant-Time QC-MDPC decoders with negligible failure rate. In Baldi M, Santini P, Persichetti E, editors, Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers. Springer. 2020. p. 50-79. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-54074-6_4

On Constant-Time QC-MDPC decoders with negligible failure rate

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this