The QC-MDPC code-based KEM Bit Flipping Key Encapsulation (BIKE) is one of the Round-2 candidates of the NIST PQC standardization project. It has a variant that is proved to be IND-CCA secure. The proof models the KEM with some black-box (“ideal”) primitives. Specifically, the decapsulation invokes an ideal primitive called “decoder”, required to deliver its output with a negligible Decoding Failure Rate (DFR). The concrete instantiation of BIKE substitutes this ideal primitive with a new decoding algorithm called “Backflip”, that is shown to have the required negligible DFR. However, it runs in a variable number of steps and this number depends on the input and on the key. This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps. We propose that the instantiation of BIKE uses this decoder with our recommended parameters. We study the decoder’s DFR as a function of the scheme’s parameters to obtain a favorable balance between the communication bandwidth and the number of steps that the decoder runs. In addition, we build a constant-time software implementation of the proposed instantiation, and show that its performance characteristics are quite close to the IND-CPA variant. Finally, we discuss a subtle gap that needs to be resolved for every IND-CCA secure KEM (BIKE included) where the decapsulation has nonzero failure probability: the difference between average DFR and “worst-case” failure probability per key and ciphertext.
|Title of host publication||Code-Based Cryptography - 8th International Workshop, CBCrypto 2020, Revised Selected Papers|
|Editors||Marco Baldi, Paolo Santini, Edoardo Persichetti|
|Number of pages||30|
|State||Published - 2020|
|Event||8th International Workshop on Code-Based Cryptography, CBCrypto 2020 - Zagreb, Croatia|
Duration: 9 May 2020 → 10 May 2020
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||8th International Workshop on Code-Based Cryptography, CBCrypto 2020|
|Period||9/05/20 → 10/05/20|
Bibliographical noteFunding Information:
This research was partly supported by: NSF-BSF Grant 2018640; The BIU Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Directorate in the Prime Minister?s Office.
© Springer Nature Switzerland AG 2020.
- Constant-time algorithm
- Constant-time implementation
- QC-MDPC codes
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)