TY - GEN
T1 - Fast Polynomial Inversion for Post Quantum QC-MDPC Cryptography
AU - Drucker, Nir
AU - Gueron, Shay
AU - Kostic, Dusan
N1 - Publisher Copyright: © 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - The NIST PQC standardization project evaluates multiple new designs for post-quantum Key Encapsulation Mechanisms (KEMs). Some of them present challenging tradeoffs between communication bandwidth and computational overheads. An interesting case is the set of QC-MDPC based KEMs. Here, schemes that use the Niederreiter framework require only half the communication bandwidth compared to schemes that use the McEliece framework. However, this requires costly polynomial inversion during the key generation, which is prohibitive when ephemeral keys are used. One example is BIKE, where the BIKE-1 variant uses McEliece and the BIKE-2 variant uses Niederreiter. This paper shows an optimized constant-time polynomial inversion method that makes the computation costs of BIKE-2 key generation tolerable. We report a speedup of 11.8× over the commonly used NTL library, and 55.5× over OpenSSL. We achieve additional speedups by leveraging the latest Intel’s Vector-instructions on a laptop machine, 14.3× over NTL and 96.8× over OpenSSL. With this, BIKE-2 becomes a competitive variant of BIKE.
AB - The NIST PQC standardization project evaluates multiple new designs for post-quantum Key Encapsulation Mechanisms (KEMs). Some of them present challenging tradeoffs between communication bandwidth and computational overheads. An interesting case is the set of QC-MDPC based KEMs. Here, schemes that use the Niederreiter framework require only half the communication bandwidth compared to schemes that use the McEliece framework. However, this requires costly polynomial inversion during the key generation, which is prohibitive when ephemeral keys are used. One example is BIKE, where the BIKE-1 variant uses McEliece and the BIKE-2 variant uses Niederreiter. This paper shows an optimized constant-time polynomial inversion method that makes the computation costs of BIKE-2 key generation tolerable. We report a speedup of 11.8× over the commonly used NTL library, and 55.5× over OpenSSL. We achieve additional speedups by leveraging the latest Intel’s Vector-instructions on a laptop machine, 14.3× over NTL and 96.8× over OpenSSL. With this, BIKE-2 becomes a competitive variant of BIKE.
KW - BIKE
KW - Constant-time algorithm
KW - Constant-time implementation
KW - Polynomial inversion
KW - QC-MDPC codes
UR - http://www.scopus.com/inward/record.url?scp=85087761671&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-030-49785-9_8
DO - https://doi.org/10.1007/978-3-030-49785-9_8
M3 - Conference contribution
SN - 9783030497842
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 110
EP - 127
BT - Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
A2 - Dolev, Shlomi
A2 - Weiss, Gera
A2 - Kolesnikov, Vladimir
A2 - Lodha, Sachin
PB - Springer
T2 - 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Y2 - 2 July 2020 through 3 July 2020
ER -