On Constant-Time QC-MDPC decoders with negligible failure rate

Nir Drucker, Shay Gueron, Dusan Kostic

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder’s DFR as a function of the scheme’s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.

Original languageEnglish
Title of host publicationCode-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers
EditorsMarco Baldi, Paolo Santini, Edoardo Persichetti
Number of pages30
ISBN (Print)9783030540739
StatePublished - 2020
Event8th International Workshop on Code-Based Cryptography, CBCrypto 2020 - Zagreb, Croatia
Duration: 9 May 202010 May 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12087 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference8th International Workshop on Code-Based Cryptography, CBCrypto 2020

Bibliographical note

Funding Information:
This research was partly supported by: NSF-BSF Grant 2018640; The BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.

Publisher Copyright:
© Springer Nature Switzerland AG 2020.


  • BIKE
  • Constant-time algorithm
  • Constant-time implementation
  • QC-MDPC codes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'On Constant-Time QC-MDPC decoders with negligible failure rate'. Together they form a unique fingerprint.

Cite this