Paper 2021/493

Optimizing BIKE for the Intel Haswell and ARM Cortex-M4

Ming-Shing Chen, Tung Chou, and Markus Krausz

Abstract

BIKE is a key encapsulation mechanism that entered the third round of the NIST post-quantum cryptography standardization process. This paper presents two constant-time implementations for BIKE, one tailored for the Intel Haswell and one tailored for the ARM Cortex-M4. Our Haswell implementation is much faster than the avx2 implementation written by the BIKE team: for bikel1, the level-1 parameter set, we achieve a 1.39x speedup for decapsulation (which is the slowest operation) and a 1.33x speedup for the sum of all operations. For bikel3, the level-3 parameter set, we achieve a 1.5x speedup for decapsulation and a 1.46x speedup for the sum of all operations. Our M4 implementation is more than two times faster than the non-constant-time "portable" implementation written by the BIKE team. The speedups are achieved by both algorithm-level and instruction-level optimizations.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
constant-time implementations, NIST PQC standardization, Cortex-M4
Contact author(s)
blueprint @ crypto tw
mschen @ crypto tw
markus krausz @ rub de
History
2021-04-19: received
Short URL
https://ia.cr/2021/493
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/493,
      author = {Ming-Shing Chen and Tung Chou and Markus Krausz},
      title = {Optimizing BIKE for the Intel Haswell and ARM Cortex-M4},
      howpublished = {Cryptology ePrint Archive, Paper 2021/493},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/493}},
      url = {https://eprint.iacr.org/2021/493}
}