Paper 2020/510

On the Applicability of the Fujisaki-Okamoto Transformation to the BIKE KEM

Nir Drucker, Shay Gueron, Dusan Kostic, and Edoardo Persichetti

Abstract

The QC-MDPC code-based KEM BIKE is one of the Round-2 candidates of the NIST PQC standardization project. Its specification document describes a version that is claimed to have IND-CCA security. The security proof uses the Fujisaki-Okamoto transformation and a decoder that targeted a Decoding Failure Rate (DFR) of 2^{-128} (for Level-1 security). However, several aspects need to be amended in order for the IND-CCA proof to hold. The main issue is that using a decoder with a DFR of 2^{-128} does not necessarily imply that the underlying PKE is \delta-correct with \delta = 2^{-128}, as the proof requires. In this paper, we handle the necessary aspects in the definitions of the KEM to ensure that the security claim is correct. In particular, we close the gap in the proof by defining the notion of a message-agnostic PKE, for which decryption failures are independent of the encrypted message. We show that all the PKEs underlying the BIKE versions are message-agnostic. This implies that BIKE with a decoder that has a sufficiently low DFR is also an IND-CCA KEM.
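An added illustration of the gap the abstract describes (this is constructed example code, not from the paper and not BIKE): a DFR measured over uniformly random keys and messages is an average, whereas \delta-correctness is assumed here to follow the usual definition, the expectation over keys of the worst-case failure probability over messages. The two toy failure rules, the 4-bit message space, and the key space are all constructed for the demonstration; only for the message-agnostic rule do the two quantities coincide.

```python
from fractions import Fraction
from itertools import product

# Constructed toy setting: 4-bit messages, and one key per possible message
# (each key designates a "bad" message on which the first decoder always fails).
MSG_BITS = 4
MESSAGES = [bits for bits in product((0, 1), repeat=MSG_BITS)]
KEYS = MESSAGES  # key k is interpreted as the bad message for that key


def message_dependent_fail_prob(key, msg):
    # Toy decoder whose failure depends on the message: it fails with
    # probability 1 exactly when msg equals the key-dependent bad message.
    return Fraction(1) if msg == key else Fraction(0)


def message_agnostic_fail_prob(key, msg, p=Fraction(1, 16)):
    # Toy message-agnostic decoder: the failure probability is the same
    # for every message (and every key), so it is independent of msg.
    return p


def average_dfr(fail_prob, keys=KEYS):
    # DFR as it is usually estimated: failure probability averaged over
    # uniformly random keys and uniformly random messages.
    total = sum(fail_prob(k, m) for k in keys for m in MESSAGES)
    return total / (len(keys) * len(MESSAGES))


def delta_correctness(fail_prob, keys=KEYS):
    # Assumed delta-correctness definition: expectation over keys of the
    # maximum (worst-case) failure probability over all messages.
    worst_per_key = [max(fail_prob(k, m) for m in MESSAGES) for k in keys]
    return sum(worst_per_key) / len(keys)


if __name__ == "__main__":
    for name, rule in (("message-dependent", message_dependent_fail_prob),
                       ("message-agnostic", message_agnostic_fail_prob)):
        print(f"{name}: DFR = {average_dfr(rule)}, delta = {delta_correctness(rule)}")
```

For the message-dependent rule the DFR is 1/16 while \delta is 1, so a low DFR alone says nothing about \delta; for the message-agnostic rule both equal 1/16, which is the property the paper establishes for the BIKE PKEs.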

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
BIKE, Post-Quantum Cryptography, NIST, QC-MDPC codes, Fujisaki-Okamoto
Contact author(s)
drucker nir @ gmail com
shay gueron @ gmail com
dusan kostic @ epfl ch
epersichetti @ fau edu
History
2020-05-05: received
Short URL
https://ia.cr/2020/510
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/510,
      author = {Nir Drucker and Shay Gueron and Dusan Kostic and Edoardo Persichetti},
      title = {On the Applicability of the Fujisaki-Okamoto Transformation to the BIKE KEM},
      howpublished = {Cryptology ePrint Archive, Paper 2020/510},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/510}},
      url = {https://eprint.iacr.org/2020/510}
}