International Association for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2022

Racing BIKE: Improved Polynomial Multiplication and Inversion in Hardware


README

RacingBIKE: Improved Polynomial Multiplication and Inversion in Hardware

This repository contains the Verilog source code for the paper RacingBIKE: Improved Polynomial Multiplication and Inversion in Hardware.

Features

RacingBIKE provides a new fast polynomial multiplier, a novel design for the polynomial inversion, and a unified hardware design for the PQC scheme Bit-Flipping Key Encapsulation (BIKE). The Verilog sources can be found in src/, including a testbench (src/TB_BIKE.sv) and a package (src/BIKE_package.sv) to configure the implementation. Note that the decoder is adapted from FoldingBIKE and uses device-specific DSP instantiations for Xilinx Artix-7 FPGAs.

The testbench expects test vectors to perform a behavioral simulation. We provide one set of test vectors for each security level, which can be found in testvectors. The datasets were generated by the software reference implementation (see https://bikesuite.org/).

The configuration file defines all BIKE-related parameters and implementation-specific parameters. The following tables briefly describe the available parameters.

BIKE related parameters:

| BIKE parameter | Verilog parameter | Description |
|---|---|---|
| $r$ | R_BITS | Bit size of the used polynomials |
| $t$ | T1 | Decoding radius |
| $w$ | W | $w/2$ defines the weight of the private key polynomials |
| $l$ | L | Shared secret size |
| $\tau$ | TAU | Offset to determine the black and gray lists |
| $NBIter$ | NBITER | Number of iterations of the decoder |
| threshold $a$* | TH_F | Multiplication factor for the threshold computation |
| threshold $b$* | TH_T | Constant term added in the threshold computation |
| threshold $c$* | MAX_C | Minimum value taken by the threshold function |

*We describe the threshold function by $\texttt{threshold}(S)=\text{max}(\lfloor a \cdot S + b \rfloor, c)$

Implementation specific parameters:

| Verilog parameter | Description |
|---|---|
| B_WIDTH | Bandwidth scaling parameter $b$ (tested for $b \in \{32, 64, 128\}$) |
| INVERSION_STEPS | Defines the step size $s$ of the inversion module |
| BRAM_CAP | Defines the size (in bits) of the memory modules available on the target device |

Quick Start

To use and experiment with the hardware design, you can use the provided TCL script bike.tcl which creates a project in Vivado 2020. To build the project, use the following instructions:

  1. Open Vivado
  2. Open the Tcl Console (at the bottom left corner)
  3. Navigate to the RacingBIKE folder, i.e., cd path_to_folder/RacingBIKE
  4. Execute source bike.tcl
  5. Vivado will create a new project in the RacingBIKE folder called bike
  6. The created folder should contain the following files and folders:
    • bike.cache
    • bike.hw
    • bike.ip_user_files
    • bike.sim
    • bike.srcs
    • bike.xpr

The project is then ready to use, so that behavioral simulations and syntheses can be executed. The preconfigured design instantiates a light-weight BIKE accelerator for $r=12323$. To change the design parameters, you can use the provided BIKE package (see above). The test vectors used by the behavioral simulation can be changed in the testbench, where they are given as parameters in the module declaration.

Contact and Support

Please contact Jan Richter-Brockmann (jan.richter-brockmann@rub.de) if you have any questions, comments, if you found a bug that should be corrected, or if you want to reuse the Verilog code or parts of it for your own research projects.

Licensing

Copyright (c) 2021, Jan Richter-Brockmann. All rights reserved.

Please see LICENSE for further license instructions.

Publications

J. Richter-Brockmann, M. Chen, S. Ghosh, T. Güneysu (2022): RacingBIKE: Improved Polynomial Multiplication and Inversion in Hardware. TCHES 2022

Acknowledgment

We would like to thank the anonymous reviewers from the CHES'22 artifact submission committee that provided us with useful comments and suggestions to improve the usability of our source code.