Area–Time-Efficient Code-Based Postquantum Key Encapsulation Mechanism on FPGA

Postquantum cryptography has attracted considerable attention from the research community in recent years because of the emerging threat that quantum computers pose to conventional cryptographic schemes. In view of that, NIST initiated a standardization process in 2017. Bit flipping key encapsulation (BIKE), designed by Aragon <italic>et al.</italic>, is one of the promising code-based schemes among the round-3 candidates. BIKE utilizes a quasi-cyclic moderate density parity check (QC-MDPC) code and incorporates a few variants derived from the McEliece, Niederreiter, and Ouroboros schemes. In this article, we present efficient, constant-time implementations of BIKE-I and BIKE-III on a field-programmable gate array (FPGA) that achieve the best area–time efficiency reported so far. We propose a modification to the original one-round bit flipping algorithm that yields more area–time-efficient decoding in hardware, achieving decoding latencies of 464.73 and <inline-formula> <tex-math notation="LaTeX">$556.52~\mu \text{s}$ </tex-math></inline-formula> for BIKE-I and BIKE-III, respectively, on a Virtex-7 FPGA. A pipelined key encapsulation architecture is proposed to speed up the key encapsulation of BIKE-I and BIKE-III, achieving latencies of 146.47 and <inline-formula> <tex-math notation="LaTeX">$153.25~\mu \text{s}$ </tex-math></inline-formula> on the same FPGA platform. On the Artix-7 FPGA platform, our combined key generation and encapsulation module for BIKE-I is also three times more area–time efficient than the state-of-the-art BIKE-I implementation by Aragon <italic>et al.</italic>
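To make the decoding step concrete, the following toy QC-MDPC syndrome decoder is an added illustration written for this page; it is neither the paper's hardware decoder nor BIKE's reference code. It uses the classic Gallager bit-flipping rule with a "flip every column whose counter reaches the current maximum" threshold, whereas BIKE's one-round decoder derives its threshold from the syndrome weight (and the paper's hardware modification is not reproduced here). The block length r = 13, the private polynomials h0 and h1, and the error vectors are constructed for the example and are far below BIKE's real sizes.

```python
"""Toy QC-MDPC bit-flipping decoder (constructed illustration, not BIKE's code).

Polynomials in F2[x]/(x^r - 1) are Python ints: bit k holds the coefficient
of x^k.  The parity-check matrix is H = [H0 | H1], where H_i is the r x r
circulant whose column j is x^j * h_i.  For an error e = (e0 | e1) the
syndrome is s = H e^T = h0*e0 + h1*e1 (multiplication in the ring).
"""


def rot(h: int, j: int, r: int) -> int:
    """Cyclic shift: x^j * h mod (x^r - 1), i.e. column j of the circulant of h."""
    j %= r
    mask = (1 << r) - 1
    return ((h << j) | (h >> (r - j))) & mask


def mul(a: int, b: int, r: int) -> int:
    """Ring product a*b: XOR of the shifts of a selected by the set bits of b."""
    acc, j = 0, 0
    while b:
        if b & 1:
            acc ^= rot(a, j, r)
        b >>= 1
        j += 1
    return acc


def syndrome(h0: int, h1: int, e0: int, e1: int, r: int) -> int:
    """s = H e^T = h0*e0 + h1*e1 over F2."""
    return mul(h0, e0, r) ^ mul(h1, e1, r)


def weight(x: int) -> int:
    return bin(x).count("1")


def bit_flip_decode(h0: int, h1: int, s: int, r: int, max_iter: int = 10):
    """Gallager bit flipping: each column's counter is the number of unsatisfied
    parity checks it participates in, |s AND column|.  Columns whose counter
    reaches the iteration's maximum are flipped.  Returns (e0, e1) with
    h0*e0 + h1*e1 == s, or None on decoding failure.  Note the data-dependent
    early exit and iteration count: a constant-time implementation (as in BIKE
    and in the paper's FPGA design) must run a fixed schedule instead."""
    e0 = e1 = 0
    for _ in range(max_iter):
        if s == 0:
            return e0, e1
        # counters for all 2r columns, computed from the syndrome at iteration start
        counters = [(weight(s & rot(h, j, r)), blk, j)
                    for blk, h in ((0, h0), (1, h1)) for j in range(r)]
        thr = max(c for c, _, _ in counters)  # s != 0 guarantees thr >= 1
        for c, blk, j in counters:
            if c >= thr:
                if blk == 0:
                    e0 ^= 1 << j
                    s ^= rot(h0, j, r)  # toggling e_j adds column j to the syndrome
                else:
                    e1 ^= 1 << j
                    s ^= rot(h1, j, r)
    return (e0, e1) if s == 0 else None


if __name__ == "__main__":
    # Constructed toy key: r = 13, column weight 3 per block (BIKE uses r in the
    # thousands and column weight ~70).  h0 = 1 + x + x^4, h1 = x^2 + x^7 + x^11.
    R = 13
    H0 = (1 << 0) | (1 << 1) | (1 << 4)
    H1 = (1 << 2) | (1 << 7) | (1 << 11)
    # Constructed error: one bit in each block, both at position 0.
    e0, e1 = 1, 1
    s = syndrome(H0, H1, e0, e1, R)
    print("syndrome weight:", weight(s))
    print("decoded:", bit_flip_decode(H0, H1, s, R) == (e0, e1))
```

For this constructed instance the two true columns each have counter 3 while every other column overlaps the syndrome in at most two positions, so a single flipping round recovers the error exactly; with heavier errors, or with h0 and h1 chosen less carefully, the same rule can flip wrong columns and needs further rounds or fails, which is why BIKE's threshold is a tuned function of the syndrome weight rather than the plain maximum.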
