Fast Polynomial Inversion for Post Quantum QC-MDPC Cryptography

Abstract

The NIST PQC standardization project evaluates multiple new designs for post-quantum Key Encapsulation Mechanisms (KEMs). Some of them present challenging tradeoffs between communication bandwidth and computational overheads. An interesting case is the set of QC-MDPC based KEMs. Here, schemes that use the Niederreiter framework require only half the communication bandwidth compared to schemes that use the McEliece framework. However, this requires costly polynomial inversion during the key generation, which is prohibitive when ephemeral keys are used. One example is BIKE, where the BIKE-1 variant uses McEliece and the BIKE-2 variant uses Niederreiter. This paper shows an optimized constant-time polynomial inversion method that makes the computation costs of BIKE-2 key generation tolerable. We report a speedup of$$11.8{\times }$$ over the commonly used NTL library, and$$55.5{\times }$$ over OpenSSL. We achieve additional speedups by leveraging the latest Intel’s Vector-instructions on a laptop machine,$$14.3{\times }$$ over NTL and$$96.8{\times }$$ over OpenSSL. With this, BIKE-2 becomes a competitive variant of BIKE.