International Association for Cryptologic Research

CryptoDB

Optimizing BIKE for the Intel Haswell and ARM Cortex-M4

Authors:
Ming-Shing Chen, Ruhr University Bochum, Bochum, Germany
Tung Chou, Academia Sinica, Taipei, Taiwan
Markus Krausz, Ruhr University Bochum, Bochum, Germany
Download:
DOI: 10.46586/tches.v2021.i3.97-124
URL: https://tches.iacr.org/index.php/TCHES/article/view/8969
Abstract: BIKE is a key encapsulation mechanism that entered the third round of the NIST post-quantum cryptography standardization process. This paper presents two constant-time implementations for BIKE, one tailored for the Intel Haswell and one tailored for the ARM Cortex-M4. Our Haswell implementation is much faster than the avx2 implementation written by the BIKE team: for bikel1, the level-1 parameter set, we achieve a 1.39x speedup for decapsulation (which is the slowest operation) and a 1.33x speedup for the sum of all operations. For bikel3, the level-3 parameter set, we achieve a 1.5x speedup for decapsulation and a 1.46x speedup for the sum of all operations. Our M4 implementation is more than two times faster than the non-constant-time implementation portable written by the BIKE team. The speedups are achieved by both algorithm-level and instruction-level optimizations.
Video from TCHES 2021
BibTeX
@article{tches-2021-31279,
  title={Optimizing BIKE for the Intel Haswell and ARM Cortex-M4},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 3},
  pages={97-124},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8969},
  doi={10.46586/tches.v2021.i3.97-124},
  author={Ming-Shing Chen and Tung Chou and Markus Krausz},
  year=2021
}