Transactions on Cryptographic Hardware and Embedded Systems, Volume 2021
Optimizing BIKE for the Intel Haswell and ARM Cortex-M4
Ming-Shing Chen
Ruhr University Bochum, Bochum, Germany
Tung Chou
Academia Sinica, Taipei, Taiwan
Markus Krausz
Ruhr University Bochum, Bochum, Germany
Keywords: constant-time implementations, NIST PQC standardization, Cortex-M4
Abstract
BIKE is a key encapsulation mechanism that entered the third round of the NIST post-quantum cryptography standardization process. This paper presents two constant-time implementations for BIKE, one tailored for the Intel Haswell and one tailored for the ARM Cortex-M4. Our Haswell implementation is much faster than the avx2 implementation written by the BIKE team: for bikel1, the level-1 parameter set, we achieve a 1.39x speedup for decapsulation (which is the slowest operation) and a 1.33x speedup for the sum of all operations. For bikel3, the level-3 parameter set, we achieve a 1.5x speedup for decapsulation and a 1.46x speedup for the sum of all operations. Our M4 implementation is more than two times faster than the non-constant-time implementation portable written by the BIKE team. The speedups are achieved by both algorithm-level and instruction-level optimizations.
Publication
Transactions on Cryptographic Hardware and Embedded Systems, Volume 2021, Issue 3
Artifact number
tches/2021/a12
Artifact published
August 1, 2021
License
To the extent possible under law, the author(s) have waived all copyright and related or neighboring rights to this artifact.
Some files in this archive are licensed under a different license. See the contents of this archive for more information.
How to cite
Chen, M.-S., Chou, T., & Krausz, M. (2021). Optimizing BIKE for the Intel Haswell and ARM Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 97–124. https://doi.org/10.46586/tches.v2021.i3.97-124. Artifact at https://artifacts.iacr.org/tches/2021/a12.